
110 matches found

RedhatCVE
added 2025/05/23 2:29 a.m. · 2 views

CVE-2023-3264

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVSS 9.8 · AI score 7.4 · EPSS 0.0015
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 5:30 p.m. · 3 views

CVE-2020-6214

SAP S/4HANA Financial Products Subledger, version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data,...

CVSS 6.5 · AI score 6.6 · EPSS 0.00201
Exploits: 0 · References: 1
CNNVD
added 2025/05/02 12:0 a.m. · 1 views

Le-show Medical Practice Management System SQL injection vulnerability

Le-show Medical Practice Management System is an integrated management system for medical clinics by Le-show, a Chinese company. A SQL injection vulnerability exists in Le-show Medical Practice Management System V3.0.25 and prior versions, which stems from a SQL injection vulnerability that could...

CVSS 9.8 · AI score 7.8 · EPSS 0.00699
Exploits: 0 · References: 2
BDU FSTEC
added 2025/04/16 12:0 a.m. · 1 views

The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260, a multi-functional instrument for measuring parameters of electrical circuits, allows a hacker to gain access to read, modify, and delete data.

The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260 multi-functional measurement instruments for electrical networks lies in the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker to gain access to read, modify, and delet...

CVSS 7.5 · AI score 5.9 · EPSS 0.00161
Exploits: 0 · References: 2
BDU FSTEC
added 2025/04/02 12:0 a.m. · 1 views

The vulnerability of the XWiki platform for creating collaborative web applications lies in errors that occur when using privileged application programming interfaces (APIs). This allows a malicious individual to gain access to read, modify, and delete user accounts.

The vulnerability of the XWiki Platform relates to errors that occur when using privileged application programming interfaces (APIs). Exploiting this vulnerability can allow a malicious actor to gain access to read, modify, and delete user accounts...

CVSS 6.8 · AI score 5.5 · EPSS 0.00473
Exploits: 1 · References: 5 · Affected Software: 1
BDU FSTEC
added 2025/02/18 12:0 a.m. · 2 views

The vulnerability of the WPLMS training management system, a content management system for WordPress websites, allows an attacker to gain access to read, modify, or delete data.

The vulnerability of the WPLMS training management system involves incorrect restrictions on the path to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...

CVSS 10 · AI score 8.1 · EPSS 0.48485
Exploits: 2 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/01/28 12:0 a.m. · 2 views

The vulnerability of the command-line interface (CLI) of the FortiRecorder surveillance system’s microprogramming software allows a perpetrator to gain access to read, modify, and delete any files they desire.

The vulnerability of the command-line interface (CLI) of the FortiRecorder surveillance system software relates to incorrect restrictions on the path name to the restricted-access directory. Exploiting this vulnerability can allow an attacker to gain read, modify, and delete access to arbitrary fil...

CVSS 5.2 · AI score 5.6 · EPSS 0.0042
Exploits: 0 · References: 4 · Affected Software: 1
BDU FSTEC
added 2025/01/21 12:0 a.m. · 1 views

The vulnerability of the LibreOffice office software package arises from incorrect restrictions on the path to the restricted access directory. This allows attackers to gain read, modify, or delete access to data.

The vulnerability of the LibreOffice office software package is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...

CVSS 3.3 · AI score 5.3 · EPSS 0.00385
Exploits: 0 · References: 9 · Affected Software: 4
CNNVD
added 2025/01/20 12:0 a.m. · 3 views

aEnrich a+HRD SQL injection vulnerability

aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. A SQL injection vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which originates from allowing an attacker to inject arbitrary SQL commands to read, modify, and delete database content...

CVSS 9.8 · AI score 8.2 · EPSS 0.00337
Exploits: 0 · References: 3
BDU FSTEC
added 2024/12/17 12:0 a.m. · 2 views

The vulnerability of the command-line interface (CLI) of the GitHub collaborative development platform involves an incorrect restriction on the path name to the restricted directory. This allows a malicious user to gain read, modify, or delete access to files.

The vulnerability of the command-line interface (CLI) of the GitHub collaborative development platform relates to incorrect path name restrictions for restricted directories when processing the artifact name and the --dir flag. Exploiting this vulnerability may allow a malicious actor to gain read,...

CVSS 3.7 · AI score 5.5 · EPSS 0.00709
Exploits: 0 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/11/19 12:0 a.m. · 1 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain read, modify, or delete access to data.

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data by sendin...

CVSS 7.5 · AI score 5.5 · EPSS 0.00308
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2024/11/01 12:0 a.m. · 1 views

The vulnerability of the Audio, Web, and Video Conferencing component of the MiCollab collaboration platform allows a perpetrator to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Audio, Web, and Video Conferencing component of the MiCollab collaboration platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to read, modify, or delete data...

CVSS 8.5 · AI score 5.5 · EPSS 0.00739
Exploits: 0 · References: 3
BDU FSTEC
added 2024/10/16 12:0 a.m. · 2 views

The vulnerability of the SAP NetWeaver AS ABAP software integration platform, related to deficiencies in access control, allows a perpetrator to gain read, modify, or delete access to data.

The vulnerability of the SAP NetWeaver AS ABAP software integration platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain read, modify, or delete access to data by injecting CSS code or loading a specially created malicious page...

CVSS 4.7 · AI score 5.5 · EPSS 0.00116
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2024/10/15 12:0 a.m. · 1 views

ChanGate Property Management System SQL injection vulnerability

ChanGate Property Management System is a property management system from ChanGate. The ChanGate Property Management System suffers from a SQL injection vulnerability that could allow an unauthenticated, remote attacker to inject arbitrary SQL commands to read, modify, and delete database content...

CVSS 9.8 · AI score 8.1 · EPSS 0.00759
Exploits: 0 · References: 3
Positive Technologies
added 2024/09/27 12:0 a.m. · 3 views

PT-2024-10341 · Fortinet · Fortirecorder

Name of the Vulnerable Software and Affected Versions:
Fortinet FortiRecorder versions 7.2.0 through 7.2.1
Fortinet FortiRecorder versions prior to 7.0.4

Description: The issue is related to a path traversal vulnerability, which allows a privileged attacker to access and delete files from the...

CVSS 6 · AI score 7.1 · EPSS 0.0042
Exploits: 0 · References: 6
CNNVD
added 2024/09/10 12:0 a.m. · 2 views

Dell InsightIQ security vulnerability

Dell InsightIQ is a performance monitoring and reporting tool from Dell USA. A security vulnerability exists in Dell InsightIQ that originates from a file or directory that is accessible to an outside party. An unauthenticated, remote-access attacker could use this vulnerability to read, modify,...

CVSS 9.8 · AI score 6.8 · EPSS 0.00368
Exploits: 0 · References: 2
Positive Technologies
added 2024/08/29 12:0 a.m. · 3 views

PT-2024-38944 · Gether Technology · 6Shr System

Name of the Vulnerable Software and Affected Versions:
6SHR system from Gether Technology (affected versions not specified)

Description: The 6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL...

CVSS 8.8 · AI score 7.9 · EPSS 0.02589
Exploits: 0 · References: 11
OSV
added 2024/07/29 4:15 a.m. · 2 views

CVE-2024-7202

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

CVSS 9.8 · AI score 5.9 · EPSS 0.00789
Exploits: 0 · References: 2
BDU FSTEC
added 2024/06/13 12:0 a.m. · 1 views

The vulnerability of FortiWeb web applications’ network firewalls, related to deficiencies in authentication procedures, allows attackers to gain read, modify, or delete access to data.

The vulnerability of FortiWeb web applications’ network firewalls is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain read, modify, or delete access to data by sending specially crafted requests...

CVSS 5.9 · AI score 5.5 · EPSS 0.00273
Exploits: 0 · References: 7 · Affected Software: 1
Positive Technologies
added 2024/05/23 12:0 a.m. · 2 views

PT-2024-3982 · Unknown · Redmine Dmsf Plugin

Name of the Vulnerable Software and Affected Versions:
Redmine DMSF Plugin versions prior to 3.1.4

Description: The issue is related to a path traversal vulnerability in the Redmine DMSF Plugin, which can be exploited by a remote attacker to gain read, modify, or delete access to files. This...

CVSS 9 · AI score 7.3 · EPSS 0.00361
Exploits: 0 · References: 7