1099 matches found
CVE-2023-22121
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2023-22109
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Web Dashboards. Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access v...
CVE-2023-43700
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication...
Online Pizza Ordering System SQL Injection Vulnerability
Online Pizza Ordering System is an online pizza ordering system. Online Pizza Ordering System suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database via scripting...
CVE-2023-20223
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...
Improper access control
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...
Cisco DNA Center Security Vulnerability
Cisco DNA Center is a network management and command center service from Cisco USA. An access control error vulnerability exists in the Cisco DNA Center API, which can be exploited by a remote attacker to submit a special request that can read and modify database data and elevate privileges...
SQL injection
SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the...
PT-2023-7766 · Nagios · Nagios XI
Name of the Vulnerable Software and Affected Versions: Nagios XI (affected versions not specified). Description: The issue is related to the User macros function in Nagios XI, which has insufficient access control. This can be exploited by a remote attacker to read, modify, or delete data, or cause ...
PT-2023-6624 · SAP · SAP CommonCryptoLib
Name of the Vulnerable Software and Affected Versions: SAP CommonCryptoLib (affected versions not specified). Description: The issue is related to insufficient authorization checks in the SAP CommonCryptoLib library. This can lead to an escalation of privileges, allowing a remote attacker to read,...
PT-2023-18697 · WordPress · WP Directory Kit
Name of the Vulnerable Software and Affected Versions: WP Directory Kit plugin for WordPress, versions up to and including 1.2.1. Description: The issue is due to missing or incorrect nonce validation on the admin page display function, making it possible for unauthenticated attackers to delete o...
CVE-2023-20211
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...
PT-2023-4390 · Cisco · Cisco Unified Communications Manager Session Management Edition +1
Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (affected versions not specified). Description: A vulnerability in the web-based management interface could allow ...
The vulnerability of the software platform for managing operational data, related to errors in using standard permissions, allows a perpetrator to read and modify arbitrary data in various system catalogs. This vulnerability enables unauthorized access and manipulation of data within the ABB Ability zenon system.
The vulnerability of the software platform for operating data management in ABB Ability zenon relates to errors in the use of standard permissions. Exploiting this vulnerability allows attackers to read and update arbitrary data in various system catalogs...
DuxCMS Cross-Site Request Forgery Vulnerability
DuxCMS is an open source content management system. A cross-site request forgery vulnerability exists in DuxCMS version 2.1, which originates from admin.php that allows remote attackers to modify application data via article/admin/content/add...
CVE-2023-3324
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...
ABB Ability zenon Security Vulnerability
ABB Ability zenon is a secure operational data management platform from ABB that makes it easy to connect machines, infrastructure and production assets. A security vulnerability exists in ABB Ability zenon build 11 through 11 build 106404, which stems from a vulnerability that allows a user with l...
CVE-2023-22039
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: WebClient. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human...
CVE-2023-36748
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...
SAP MDS COMPARE TOOL SQL Injection Vulnerability
SAP MDS COMPARE TOOL is a software application from SAP, Germany. SAP MDS COMPARE TOOL suffers from a SQL injection vulnerability that originates from allowing an attacker to exploit MDS COMPARE TOOL and read and modify database commands using specially crafted input...