CVE-2024-22131

In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...

The vulnerability of the synchronization application for Qsync Central files arises from the improper assignment of permissions to the critical resource. This allows a malicious actor to gain access to read, modify, or delete data.

The vulnerability of the Qsync Central file synchronization application is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability may allow an attacker who operates remotely to gain access to read, modify, or delete data...

The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Systems allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...

The vulnerability of the DB Privileges component of the Oracle Application Object Library in the Oracle E-Business Suite allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the DB Privileges component of the Oracle Application Object Library in the Oracle E-Business Suite system for enterprise automation activities is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gai...

CVE-2024-20928

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...

CVE-2024-20908

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Advanced UI. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites...

The vulnerability of the Netty network programming framework arises from the existence of interpretation conflicts, which allow attackers to disclose and modify protected information.

The vulnerability of the Netty network programming framework is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a remote attacker to disclose and modify the protected information...

The vulnerability of the SMS sending function in OMICARD’s marketing messaging system allows a hacker to execute arbitrary SQL code and gain access to read, modify, or delete data.

The vulnerability of the SMS sending function in OMICARD’s marketing messaging system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code and gain access to read, modify, or delete data...

CVE-2023-49587

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...

The vulnerability of the IBM Security Guardium information protection mechanism lies in its failure to protect the structure of SQL queries. This allows attackers to view, add, modify, or delete information in the internal database.

The vulnerability of the IBM Security Guardium security tool is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely access, view, add, modify, or delete information in the internal database...

PYSEC-2023-241

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

The vulnerability of the SAP CommonCryptoLib library, related to deficiencies in authentication procedures, allows attackers to read, modify, or delete data with limited access.

The vulnerability of the SAP CommonCryptoLib library is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to read, modify, or delete data with limited access...

The vulnerability of the SICAM PAS/PQS automation software for controlling electrical energy facilities lies in the improper assignment of permissions for critical resources during the verification of the certificate signing request. This allows a violator to read and modify these configuration data within the context of the application process.

The vulnerability of the SICAM PAS/PQS software for automating control systems in electrical energy facilities is related to the incorrect assignment of permissions to critical resources. Exploiting this vulnerability could allow an attacker to read and modify configuration data during the...

CVE-2023-22121

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2023-22109

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Web Dashboards. Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access v...

CVE-2023-43700

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication...

Online Pizza Ordering System SQL注入漏洞

Online Pizza Ordering System is an online pizza ordering system. Online Pizza Ordering System suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database via scripting...

CVE-2023-20223

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...

Improper access control

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...

Cisco DNA Center 安全漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. An access control error vulnerability exists in the Cisco DNA Center API, which can be exploited by a remote attacker to submit a special request that can read and modify database data and elevate privileges...