
1161 matches found

Prion
added 2023/09/19 1:16 p.m. · 13 views

Sql injection

SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the...

CVSS 7.5 · AI score 9.6 · EPSS 0.00141
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/09/19 12:00 a.m. · 2 views

PT-2023-7766 · Nagios · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI (affected versions not specified)

Description: The issue is related to the User macros function in Nagios XI, which has insufficient access control. This can be exploited by a remote attacker to read, modify, or delete data, or cause ...

CVSS 5.5 · AI score 6.9
Exploits: 0 · References: 3

Positive Technologies
added 2023/09/11 12:00 a.m. · 1 view

PT-2023-6624 · Sap · Sap Commoncryptolib

Name of the Vulnerable Software and Affected Versions: SAP CommonCryptoLib (affected versions not specified)

Description: The issue is related to insufficient authorization checks in the SAP CommonCryptoLib library. This can lead to an escalation of privileges, allowing a remote attacker to read,...

CVSS 10 · AI score 7.3 · EPSS 0.00198
Exploits: 0 · References: 8

Positive Technologies
added 2023/08/31 12:00 a.m. · 3 views

PT-2023-18697 · WordPress · Wp Directory Kit

Name of the Vulnerable Software and Affected Versions: WP Directory Kit plugin for WordPress versions up to, and including, 1.2.1

Description: The issue is due to missing or incorrect nonce validation on the admin page display function, making it possible for unauthenticated attackers to delete o...

CVSS 5.4 · AI score 6.2 · EPSS 0.00092
Exploits: 0 · References: 6

OSV
added 2023/08/16 10:15 p.m. · 3 views

CVE-2023-20211

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...

CVSS 8.8 · AI score 7.4
Exploits: 0 · References: 1

Positive Technologies
added 2023/08/16 12:00 a.m. · 4 views

PT-2023-4390 · Cisco · Cisco Unified Communications Manager Session Management Edition +1

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (affected versions not specified)

Description: A vulnerability in the web-based management interface could allow ...

CVSS 8.8 · AI score 8.7 · EPSS 0.00227
Exploits: 0 · References: 11

BDU FSTEC
added 2023/08/03 12:00 a.m. · 0 views

The vulnerability of the software platform for managing operational data, related to errors in using standard permissions, allows a perpetrator to read and modify arbitrary data in various system catalogs. This vulnerability enables unauthorized access and manipulation of data within the ABB Ability zenon system.

The vulnerability of the software platform for operating data management in ABB Ability zenon relates to errors in the use of standard permissions. Exploiting this vulnerability allows attackers to read and update arbitrary data in various system catalogs...

CVSS 6.3 · EPSS 0.00235
Exploits: 0 · References: 2

CNNVD
added 2023/07/31 12:00 a.m. · 2 views

DuxCMS cross-site request forgery vulnerability

DuxCMS is an open source content management system. A cross-site request forgery vulnerability exists in DuxCMS version 2.1, which originates from admin.php that allows remote attackers to modify application data via article/admin/content/add...

CVSS 6.5 · AI score 6.4 · EPSS 0.00061
Exploits: 1 · References: 2

OSV
added 2023/07/24 6:15 p.m. · 3 views

CVE-2023-3324

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2023/07/24 12:00 a.m. · 1 view

ABB Ability zenon security vulnerability

ABB Ability zenon is a secure operational data management platform from ABB that makes it easy to connect machines, infrastructure and production assets. A security vulnerability exists in ABB Ability zenon build 11 through 11 build 106404, which stems from a vulnerability that allows a user with l...

CVSS 8.8 · AI score 7.9 · EPSS 0.00164
Exploits: 0 · References: 2

OSV
added 2023/07/18 9:15 p.m. · 1 view

CVE-2023-22039

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human...

CVSS 5.4 · AI score 7.3 · EPSS 0.00288
Exploits: 0 · References: 1

BDU FSTEC
added 2023/07/18 12:00 a.m. · 2 views

The vulnerability of the IBM Robotic Process Automation software lies in its authentication procedures’ flaws, which allow attackers to gain read, modify, or delete access to data.

The vulnerability of the IBM Robotic Process Automation software is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, or delete data...

CVSS 3.3 · EPSS 0.00035
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/07/11 10:15 a.m. · 2 views

CVE-2023-36748

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

CVSS 6.8 · AI score 7.2 · EPSS 0.00065
Exploits: 0 · References: 1

CNNVD
added 2023/06/13 12:00 a.m. · 2 views

SAP MDS COMPARE TOOL SQL injection vulnerability

SAP MDS COMPARE TOOL is a software application from SAP, Germany. SAP MDS COMPARE TOOL suffers from a SQL injection vulnerability that originates from allowing an attacker to exploit MDS COMPARE TOOL and read and modify database commands using specially crafted input...

CVSS 6.1 · AI score 6.6 · EPSS 0.00204
Exploits: 0 · References: 4

Prion
added 2023/06/02 4:15 a.m. · 20 views

Design/Logic Flaw

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with...

CVSS 4.4 · AI score 7.4 · EPSS 0.00048
Exploits: 1 · References: 3 · Affected Software: 1

BDU FSTEC
added 2023/05/12 12:00 a.m. · 0 views

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools, a resource management system, allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data...

CVSS 5.5 · EPSS 0.00202
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2023/05/11 12:00 a.m. · 1 view

Rockwell Automation ArmorStart ST cross-site scripting vulnerability

Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view and modify sensitive data or...

CVSS 7 · AI score 6.1 · EPSS 0.00376
Exploits: 0 · References: 3

OSV
added 2023/04/18 8:15 p.m. · 1 view

CVE-2023-21905

Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Routing Hub). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

CVSS 6.1 · AI score 6.8 · EPSS 0.00945
Exploits: 0 · References: 1

OSV
added 2023/04/18 8:15 p.m. · 1 view

UBUNTU-CVE-2023-21999

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVSS 3.6 · AI score 6.7 · EPSS 0.00091
Exploits: 0 · References: 3

WPVulnDB
added 2023/04/05 12:00 a.m. · 31 views

WCFM Marketplace < 3.4.12 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify shipping method details/products, delete arbitrary posts, as well as lead to privilege escalation...

CVSS 8.8 · AI score 8.8 · EPSS 0.00225
Exploits: 0 · Affected Software: 1