CVE-2023-41816
The CVE-2023-41816 entry concerns the Motorola Services Main mobile application, with a reported improper export vulnerability that could let a local attacker write to a local database. The available documents indicate an in-application export flaw as the root cause, enabling local compromise und...
Motorola Services Main Security Vulnerability
Motorola Services Main is a mobile application service from Motorola USA. A security vulnerability exists in Motorola Services Main that stems from an incorrect export vulnerability that could allow a local attacker to write to a local database...
CVE-2023-48645
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance modu...
SQL injection
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance modu...
ARCHIBUS Security Vulnerabilities
ARCHIBUS is a software platform from ARCHIBUS focused on helping organizations effectively manage their real estate, facilities and infrastructure to improve efficiency, reduce costs and support strategic planning. A security vulnerability exists in ARCHIBUS version 4.0.3 that stems from the use ...
PT-2024-13617 · Archibus · Archibus
Name of the Vulnerable Software and Affected Versions: Archibus app version 4.0.3 for iOS. Description: An issue was discovered in the Archibus app, which uses a local database synchronized with a Web central server instance. There is a SQL injection in the search work request feature in the...
CVE-2023-28713
Plaintext storage of a password exists in CONPROSYS HMI System CHS versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information ...
CVE-2023-21918
Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle...
CVE-2022-34910
An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device...
Design/Logic Flaw
An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device...
PT-2022-19218 · Zoom · Zoom Client For Meetings +1
Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings versions prior to 5.12.6. Description: The issue arises from a failure to clear data from a local SQL database after a meeting ends, combined with the use of an insufficiently secure per-device key to encrypt that...
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2022-17792)
Siemens SINEC NMS is a network management system (NMS) from Siemens Germany that is used to centrally monitor, manage, and configure industrial networks with tens of thousands of devices 24/7, including security-related areas. A SQL injection vulnerability in Siemens SINEC NMS allows a privileged,...
Command injection
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application...
CVE-2022-24281
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application...
PT-2022-16581 · Siemens · Sinema Server +1
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V1.0.3; SINEMA Server V14 all versions. Description: A security issue allows a privileged authenticated attacker to execute arbitrary commands in the local database. This is achieved by sending specially crafted...
Siemens SINEC NMS SQL Injection Vulnerability
Siemens SINEC NMS is a network management system (NMS) from Siemens Germany that is used to centrally monitor, manage, and configure industrial networks with tens of thousands of devices 24/7, including security-related areas. A SQL injection vulnerability in Siemens SINEC NMS allows a privileged,...
GHSA-8WR4-2WM6-W3PR: B2 Command Line Tool TOCTOU application key disclosure
Impact: Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. The command line tool saves API keys and bucket...