8141 matches found

CNNVD
added 2021/12/06 12:0 a.m. · 2 views

Piwigo SQL injection vulnerability

Piwigo is a set of Web-based open source image library software. Piwigo v11.5 contains a security vulnerability in /admin/batchmanagerglobal.php in which the parameter pwgtoken is not sufficiently escaped and filtered. No details of the vulnerability are available at this time...

8.8 CVSS · 5.5 AI score · 0.00257 EPSS
Exploits: 1 · References: 2
CNNVD
added 2021/12/02 12:0 a.m. · 2 views

Broadcom CA Network Flow Analysis SQL injection vulnerability

Broadcom CA Network Flow Analysis is a network traffic monitoring solution from Broadcom Corporation USA. A SQL injection vulnerability exists in Broadcom CA Network Flow Analysis NFA version 21.2.1 and earlier, which could allow an authenticated attacker to access sensitive data...

6.5 CVSS · 6.7 AI score · 0.00355 EPSS
Exploits: 0 · References: 5
CNNVD
added 2021/11/30 12:0 a.m. · 3 views

Dell EMC Streaming Data Platform SQL injection vulnerability

Dell EMC Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in Dell EMC Streaming Data Platform, which arises from a database-based application that lacks validation of externally entered SQL...

8.8 CVSS · 8.2 AI score · 0.00371 EPSS
Exploits: 0 · References: 2
Microsoft CVE
added 2021/11/27 8:0 a.m. · 3 views

When PgBouncer is configured to use "cert" authentication a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.

...

8.1 CVSS · 7 AI score · 0.00077 EPSS
Exploits: 0
BDU FSTEC
added 2021/11/25 12:0 a.m. · 3 views

The vulnerability of the ePolicy Orchestrator extension of the McAfee Data Loss Prevention software allows a perpetrator to execute arbitrary SQL code.

The vulnerability of the ePolicy Orchestrator extension of the McAfee Data Loss Prevention software lies in the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

8.4 CVSS · 7.2 AI score · 0.01885 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
BDU FSTEC
added 2021/11/23 12:0 a.m. · 1 views

The vulnerability of the online shopping system – online-shopping-system-advanced – related to the failure to implement measures to neutralize specific elements, allows a hacker to execute arbitrary SQL code.

The vulnerability of the online-shopping-system-advanced system is related to the failure to eliminate certain special elements during the processing of the /homeaction.php catid parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code using a specially...

10 CVSS · 8.2 AI score · 0.91916 EPSS
Exploits: 2 · References: 7
CNNVD
added 2021/11/22 12:0 a.m. · 3 views

Advantech R-SeeNet SQL injection vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...

7.7 CVSS · 6.3 AI score · 0.01547 EPSS
Exploits: 1 · References: 5
CNNVD
added 2021/11/22 12:0 a.m. · 6 views

Advantech R-SeeNet SQL injection vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...

7.7 CVSS · 6.3 AI score · 0.01732 EPSS
Exploits: 1 · References: 5
CNNVD
added 2021/11/22 12:0 a.m. · 5 views

Advantech R-SeeNet SQL injection vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...

8.8 CVSS · 6.3 AI score · 0.0162 EPSS
Exploits: 1 · References: 5
CNNVD
added 2021/11/22 12:0 a.m. · 9 views

PgBouncer trust management issue vulnerability

PgBouncer is an open source lightweight connection pool for PostgreSQL from the PgBouncer community. A vulnerability with trust management issues exists in PgBouncer. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker...

8.1 CVSS · 7.9 AI score · 0.00077 EPSS
Exploits: 0 · References: 7
CNNVD
added 2021/11/22 12:0 a.m. · 3 views

Advantech R-SeeNet SQL injection vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanup of...

7.7 CVSS · 6.3 AI score · 0.01547 EPSS
Exploits: 1 · References: 5
CNNVD
added 2021/11/22 12:0 a.m. · 4 views

Advantech R-SeeNet SQL injection vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...

7.7 CVSS · 6.3 AI score · 0.01547 EPSS
Exploits: 1 · References: 5
CNNVD
added 2021/11/22 12:0 a.m. · 5 views

Advantech R-SeeNet SQL injection vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...

8.8 CVSS · 6.3 AI score · 0.0162 EPSS
Exploits: 1 · References: 6
CNNVD
added 2021/11/22 12:0 a.m. · 2 views

Advantech R-SeeNet SQL injection vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...

7.7 CVSS · 6.3 AI score · 0.01732 EPSS
Exploits: 1 · References: 5
CNNVD
added 2021/11/22 12:0 a.m. · 6 views

Advantech R-SeeNet SQL injection vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanin...

7.7 CVSS · 6.3 AI score · 0.01547 EPSS
Exploits: 1 · References: 5
OSV
added 2021/11/19 12:15 a.m. · 3 views

CVE-2021-40129

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker...

4.9 CVSS · 5.8 AI score · 0.00251 EPSS
Exploits: 0 · References: 1
Gitee
added 2021/11/18 8:27 a.m. · 4 views

Web-Attack-Cheat-Sheet

It is an offensive tool for web application security testing. The repository contains a comprehensive web attack cheat sheet, covering various techniques for discovering, enumerating, scanning, and monitoring web applications. The tool covers topics such as IP and subdomain enumeration, cache and...

6.9 AI score
Exploits: 0
CNNVD
added 2021/11/17 12:0 a.m. · 3 views

oretnom23 Company Recruitment Management System SQL injection vulnerability

oretnom23 Company Recruitment Management System is an open source Company Recruitment Management System from the individual developers of oretnom23. A SQL injection vulnerability exists in oretnom23 Company Recruitment Management System, which can be exploited by attackers to perform SQL injectio...

9.8 CVSS · 8.5 AI score · 0.00264 EPSS
Exploits: 1 · References: 2
CNNVD
added 2021/11/17 12:0 a.m. · 3 views

Cisco Common Services Platform Collector SQL injection vulnerability

Cisco Common Services Platform Collector (CSPC) is an SNMP-based tool that discovers and collects information from Cisco devices installed on the network. The configuration dashboard of Cisco Common Services Platform Collector prior to version 2.9.1.1 is vulnerable to SQL injection, which can be...

4.9 CVSS · 5.8 AI score · 0.00251 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2021/11/15 12:0 a.m. · 3 views

PT-2021-23640 · Unknown · Sourcecodester Online Learning System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Learning System version 2.0

Description: The issue concerns SQL injection authentication bypass in the admin login file /admin/login.php and authenticated file upload in the Master.php file. These vulnerabilities can be...

9.8 CVSS · 10 AI score · 0.03818 EPSS
Exploits: 4 · References: 11