
83 matches found

NVD
added 2020/06/22 4:15 p.m. | 18 views

CVE-2020-4062

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's...

9 CVSS | 0.00418 EPSS
Exploits: 0 | References: 2

Prion
added 2020/06/22 4:15 p.m. | 17 views

Design/Logic Flaw

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's...

7.7 CVSS | 9.1 AI score | 0.00418 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2020/04/23 7:15 p.m. | 10 views

CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks...

5.8 CVSS | 5.1 AI score | 0.00119 EPSS
Exploits: 0 | References: 2

Prion
added 2020/04/23 7:15 p.m. | 12 views

Code injection

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks...

5.8 CVSS | 5 AI score | 0.00119 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

GithubExploit
added 2020/02/22 1:32 a.m. | 7 views

Exploit for SQL Injection in Djangoproject Django

CVE-2020-7471 This repository provides environments and P...

9.8 CVSS | 6.8 AI score | 0.1537 EPSS
Exploits: 9

Zero Day Initiative
added 2019/11/01 12:0 a.m. | 17 views

Advantech WISE-PaaS/RMM DeviceMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceMg...

6.5 CVSS | 0.7 AI score | 0.00651 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m. | 15 views

Advantech WISE-PaaS/RMM PowerMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the PowerMgm...

6.5 CVSS | 1.1 AI score | 0.00651 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m. | 14 views

Advantech WISE-PaaS/RMM ProtectionMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5 CVSS | 0.7 AI score | 0.00651 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m. | 15 views

Advantech WISE-PaaS/RMM SQLMgmt delData SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

6.5 CVSS | 0.3 AI score | 0.00651 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m. | 23 views

Advantech WISE-PaaS/RMM SQLMgmt getTableInfo SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

5.5 CVSS | 0.4 AI score | 0.00651 EPSS
Exploits: 0 | References: 1

Kitploit
added 2019/10/04 12:0 p.m. | 146 views

ManaTI - A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts

Machine Learning for Threat Intuitive Analysis The goal of the ManaTI project is to develop machine learning techniques to assist an intuitive threat analyst to speed the discovery of new security problems. The machine learning will contribute to the analysis by finding new relationships and...

7.4 AI score
Exploits: 0 | References: 2

CNVD
added 2017/04/27 12:0 a.m. | 0 views

SolarWinds Log and Event Manager Postgres Database Security Bypass Vulnerability

SolarWinds Log and Event Manager is a log and event manager that provides real-time log analysis, memory event correlation, and threat attack response. A security bypass vulnerability exists in the Postgres database of SolarWinds Log and Event Manager 6.3.1, which stems from the database having a...

7.2 AI score
Exploits: 0 | References: 1

n0where
added 2017/04/20 5:40 p.m. | 28 views

Mozilla InvestiGator: MIG

Mozilla InvestiGator Mozilla’s real-time digital forensics and investigation platform MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents...

0.1 AI score
Exploits: 0 | References: 3

OpenVAS
added 2017/04/12 12:0 a.m. | 22 views

SolarWinds Log and Event Manager < 6.3.1 Hotfix 4 Multiple Vulnerabilities

SolarWinds Log and Event Manager (LEM) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10 CVSS | 7.6 AI score | 0.49944 EPSS
Exploits: 2 | References: 1

0day.today
added 2015/09/29 12:0 a.m. | 25 views

ManageEngine EventLog Analyzer Remote Code Execution Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q...

7.1 AI score
Exploits: 0

Exploit DB
added 2015/09/29 12:0 a.m. | 28 views

ManageEngine EventLog Analyzer - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q This module exploits a SQL query functionality in...

7.4 AI score
Exploits: 0

Exploit DB
added 2014/04/15 12:0 a.m. | 53 views

Xerox DocuShare - SQL Injection

The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...

7.4 AI score
Exploits: 0

Metasploit
added 2012/10/26 2:30 a.m. | 31 views

Multi Gather pgpass Credentials

This module will collect the contents of all users' .pgpass or pgpass.conf file and parse them for credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather pgpass Credentials',...

7 AI score
Exploits: 0

Packet Storm
added 2010/08/26 12:0 a.m. | 24 views

Nagios XI users.php SQL Injection

Nagios XI users.php SQL Injection Advisory Information Advisory ID: NGENUITY-2010-008 Date published: 8/24/2010 Vulnerability Information Class: SQL Injection SQLi Software Description Nagios XI is the commercial / enterprise version of the open source Nagios project. Vulnerability Description...

0.3 AI score
Exploits: 0

Tenable Nessus
added 2009/03/12 12:0 a.m. | 21 views

GLSA-200903-25 : Courier Authentication Library: SQL Injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200903-25 Courier Authentication Library: SQL Injection vulnerability It has been reported that some parameters used in SQL queries are not properly sanitized before being processed when using a non-Latin locale Postgres database...

5.1 CVSS | 6.3 AI score | 0.00605 EPSS
Exploits: 1 | References: 2