Lucene search
+L

41 matches found

OSV
OSV
added 2023/07/31 2:15 p.m.5 views

CVE-2023-34635

Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page...

9.8CVSS5.8AI score0.02084EPSS
Exploits4References2
OSV
OSV
added 2023/06/21 1:15 p.m.4 views

CVE-2023-33584

Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection SQLI attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process...

9.8CVSS5.9AI score0.14242EPSS
Exploits5References5
ATTACKERKB
ATTACKERKB
added 2023/06/21 1:15 p.m.5 views

CVE-2023-33584

Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection SQLI attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process...

9.8CVSS7.4AI score0.14242EPSS
Exploits5References7
BDU FSTEC
BDU FSTEC
added 2023/06/19 12:0 a.m.7 views

The vulnerability of the XCP Authentication service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) allows a perpetrator to cause a service failure.

The vulnerability of the XCP Authentication service in the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P system is related to insufficient validation of user input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a...

7.8CVSS7.2AI score0.00933EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/06/16 4:15 a.m.5 views

CVE-2023-32754

Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database...

9.8CVSS6AI score0.01026EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.5 views

PT-2023-20035 · Unknown · Faveo Helpdesk

Name of the Vulnerable Software and Affected Versions: Faveo Helpdesk versions 1.0 through 1.11.1 Description: The issue arises from a lack of validation on user input data during the login process. This allows parameters passed from the front end to the back end to be controlled, leading to SQL...

8.8CVSS8.3AI score0.00805EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/03/24 12:0 a.m.6 views

CVE-2023-25350

Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection...

9.1AI score0.00805EPSS
Exploits1References2
OSV
OSV
added 2022/05/19 3:15 p.m.7 views

CVE-2021-37413

GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...

9.8CVSS7.4AI score0.01852EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/12/10 12:0 a.m.5 views

IBM Spectrum Copy Data Management 操作系统命令注入漏洞

IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, has a security vulnerability that stems from the fact that the Spectrum Copy Data Management management console login and upload credentials function incorrectly...

10CVSS6.1AI score0.02167EPSS
Exploits0References4
OSV
OSV
added 2021/10/22 2:15 p.m.5 views

CVE-2021-42169

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code by: oretnom23 is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter username from the login form is not protected correctly and there is no security and escaping fr...

9.8CVSS5.8AI score0.0274EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/08/20 12:0 a.m.15 views

PT-2020-15601 · Kabir Alhasan · Kabir Alhasan Student Management System

Name of the Vulnerable Software and Affected Versions: Kabir Alhasan Student Management System version 1.0 Description: The issue allows for Authentication Bypass. An attacker can exploit this by using a specific combination of username and password, such as 'admin', to bypass authentication...

9.8CVSS7.3AI score0.15926EPSS
Exploits6References5
CNVD
CNVD
added 2020/07/06 12:0 a.m.5 views

SQL Injection Vulnerability in Rural Three Capitals Comprehensive Information Management Platform of Shandong Nongyou Software Co.

It is a comprehensive information management platform that integrates rural assets, funds, and resources; the platform's bidding management system does not filter inputs during login, resulting in malicious sql statements that can be executed to access sensitive database information; SQL injectio...

7.8AI score
Exploits0
CNVD
CNVD
added 2020/05/18 12:0 a.m.3 views

Submitty Input Validation Error Vulnerability

Submitty is an open source course management system . The system supports course management , assignment submission , exams and grading system and other functions . An input validation error vulnerability exists in the login page in Submitty versions 20.04.01 and earlier. The vulnerability stems...

6.1CVSS7AI score0.03518EPSS
Exploits1References1
OSV
OSV
added 2020/01/26 5:15 a.m.4 views

CVE-2019-12629

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...

7.2CVSS6.1AI score0.02453EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/10/29 12:0 a.m.5 views

Vulnerability of systems for data collection and process control in Citect SCADA and Mitsubishi MX4 SCADA: This vulnerability arises due to buffer overflow in the login input field, allowing attackers to execute arbitrary code.

The vulnerability of systems for data collection and process control in Citect SCADA and Mitsubishi MX4 SCADA arises due to an overflow in the input field for the login string. Exploiting this vulnerability allows a attacker to execute arbitrary code using a long input string...

5.3CVSS6AI score0.00471EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2019/07/17 8:15 p.m.6 views

CVE-2019-13448

An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients...

6.1CVSS6.4AI score0.00802EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/26 12:0 a.m.6 views

Mitel MiVoice Connect SQL Injection Vulnerability

Mitel MiVoice Connect R1707-PREM and Mitel ST are both products of Mitel Corporation of Canada.Mitel MiVoice Connect R1707-PREM is a Unified Communications Management Appliance.ST is a videoconferencing product.conferencing is one of the notification components. conferencing is one of the...

6.5CVSS7.7AI score0.01073EPSS
Exploits0References1
OSV
OSV
added 2017/02/06 5:59 p.m.4 views

UBUNTU-CVE-2017-5367

Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample...

6.1CVSS6.8AI score0.01996EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2009/02/11 4:58 p.m.7 views

mod_auth_mysql: character encoding SQL injection flaw

SQL injection vulnerability in modauthmysql.c in the mod-auth-mysql aka libapache2-mod-auth-mysql module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ backslash as part of the character encoding, allows remote attackers to execute arbitrary SQL...

7.5CVSS6.2AI score0.01863EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2007/03/20 12:0 a.m.48 views

overtheledger.txt

Hi; Affected versions: LedgerSMB 1.1.10 but see below, current is 1.1.11 SQL-Ledger 2.6.27 but see below. Current is 2.6.27 Effects: Arbitrary code execution both products and authentication bypass SQL-Ledger only. We have discovered yet another major security issue in both SQL-Ledger for affecte...

Exploits0
Rows per page
Query Builder