
380 matches found

OSV
added 2023/10/17 10:15 p.m. · 4 views

CVE-2023-22105

Vulnerability in the BI Publisher product of Oracle Analytics component: Web Server. Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks requir...

5.4 CVSS · 5.8 AI score · 0.00341 EPSS
Exploits 0 · References 1

OSV
added 2023/10/17 10:15 p.m. · 3 views

CVE-2023-22076

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1

BDU FSTEC
added 2023/10/11 12:0 a.m. · 3 views

The vulnerability of embedded Qualcomm data modems allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of embedded Qualcomm data modems is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, add, or delete data remotely...

9.4 CVSS · 7.4 AI score · 0.0043 EPSS
Exploits 0 · References 3

CNNVD
added 2023/10/10 12:0 a.m. · 3 views

Siemens SICAM PAS/PQS security vulnerability

Siemens SICAM PAS/PQS is a software from Siemens with an operating system for energy automation and power quality. Siemens SICAM PAS/PQS suffers from an incorrect privilege assignment vulnerability that can be exploited by an attacker to read and modify configuration data in the context of an...

6.6 CVSS · 6.8 AI score · 0.00149 EPSS
Exploits 0 · References 2

CNNVD
added 2023/09/27 12:0 a.m. · 4 views

Cisco DNA Center security vulnerability

Cisco DNA Center is a network management and command center service from Cisco USA. An access control error vulnerability exists in the Cisco DNA Center API, which can be exploited by a remote attacker to submit a special request that can read and modify database data and elevate privileges...

8.6 CVSS · 7 AI score · 0.00483 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2023/09/11 12:0 a.m. · 7 views

The vulnerability of the Fusion File Manager component in the PHP-Fusion CMS system allows a hacker to gain access to read and modify files.

The vulnerability of the Fusion File Manager CMS system’s PHP-Fusion component is related to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to gain access to and modify files through a specially created HTTP request...

6.8 CVSS · 6.8 AI score · 0.00574 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/08/16 10:15 p.m. · 4 views

CVE-2023-20211

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...

8.8 CVSS · 7.4 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/08/16 12:0 a.m. · 5 views

PT-2023-4390 · Cisco · Cisco Unified Communications Manager Session Management Edition +1

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME), affected versions not specified

Description: A vulnerability in the web-based management interface could allow ...

8.8 CVSS · 8.7 AI score · 0.00615 EPSS
Exploits 0 · References 11

OSV
added 2023/07/24 6:15 p.m. · 4 views

CVE-2023-3324

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...

7.5 CVSS · 5.8 AI score · 0.00295 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/07/11 12:0 a.m. · 5 views

PT-2023-4046 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA versions S4CORE 104 through 107

Description: The issue is related to insufficient access control in the Manage Journal Entry Template component of SAP S/4HANA. This can allow a remote attacker to read, modify, or delete files. Whe...

7.3 CVSS · 7.3 AI score · 0.0032 EPSS
Exploits 0 · References 8

OSV
added 2023/06/13 3:15 a.m. · 3 views

CVE-2023-32115

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...

6.1 CVSS · 5.9 AI score · 0.00217 EPSS
Exploits 0 · References 2

CNNVD
added 2023/06/13 12:0 a.m. · 5 views

SAP MDS COMPARE TOOL SQL injection vulnerability

SAP MDS COMPARE TOOL is a software application from SAP, Germany. SAP MDS COMPARE TOOL suffers from a SQL injection vulnerability that originates from allowing an attacker to exploit MDS COMPARE TOOL and read and modify database commands using specially crafted input...

6.1 CVSS · 6.6 AI score · 0.00217 EPSS
Exploits 0 · References 4

OSV
added 2023/06/07 2:15 a.m. · 1 views

CVE-2021-4362

The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwisocialsharegetoption function called via the kiwisocialsharegetoption AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify...

9.8 CVSS · 5.7 AI score · 0.01417 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2023/06/07 2:15 a.m. · 5 views

CVE-2021-4362

The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwisocialsharegetoption function called via the kiwisocialsharegetoption AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify...

9.8 CVSS · 7.7 AI score · 0.01417 EPSS
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2023/05/24 12:0 a.m. · 5 views

PT-2023-4250 · Sap · Sap Business One

Name of the Vulnerable Software and Affected Versions: SAP Business One B1i module version 10.0

Description: The issue is related to the lack of protection of the SQL query structure in the B1i Layer component of SAP Business One. This allows a remote attacker to send specially crafted queries to...

7.5 CVSS · 7.5 AI score · 0.00477 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/04/27 12:0 a.m. · 4 views

PT-2023-2595 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.6.0

Description: The issue is related to errors in handling symbolic links within the settings.DataFolder variable in the Docker Desktop for Windows platform. This can allow a remote attacker to gain read,...

7.1 CVSS · 7.1 AI score · 0.00332 EPSS
Exploits 0 · References 11

CNNVD
added 2023/04/23 12:0 a.m. · 18 views

Joomla SQL injection vulnerability

Joomla is an open source, cross-platform content management system (CMS) developed using PHP and MySQL by the U.S. Open Source Matters team. Joomla 3 suffers from a security vulnerability that stems from improper use of input filters leading to SQL injection. An attacker exploiting the vulnerabilit...

9.8 CVSS · 7.3 AI score · 0.00798 EPSS
Exploits 1 · References 4

CNNVD
added 2023/04/11 12:0 a.m. · 4 views

Siemens SCALANCE encryption issue vulnerability

Siemens SCALANCE is a series of Ethernet switches from Siemens, Germany. It connects to Industrial Control System (ICS) devices, including Programmable Logic Controllers (PLCs) and Human Machine Interface (HMI) systems. A vulnerability exists in Siemens SCALANCE due to an encryption issue, which arises...

7.4 CVSS · 7.4 AI score · 0.00256 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2023/04/02 12:0 a.m. · 5 views

The vulnerability of the Apache Fineract digital financial services platform, related to the lack of protection for the SQL query structure, allows attackers to gain access to read, modify, or delete data.

The vulnerability of the Apache Fineract digital financial services platform relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain read, modify, or delete access to data...

8.9 CVSS · 5.6 AI score · 0.01297 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/03/27 4:15 a.m. · 5 views

CVE-2023-24840

HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...

7.2 CVSS · 7.2 AI score · 0.00928 EPSS
Exploits 0 · References 1