649 matches found
CVE-2021-34609
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...
IBM Datacap Taskmaster Capture SQL Injection Vulnerability
IBM Datacap Taskmaster Capture is a complete solution for document and data capture from IBM USA. Data and document images can be scanned, categorized, identified, validated, verified and exported quickly, accurately and cost-effectively. IBM Datacap Taskmaster Capture suffers from a SQL injectio...
PT-2021-10738 · Unknown · Phpgurukul Hospital Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0 Description: The issue concerns a SQL injection vulnerability located in the hmsedit-profile.php file. This vulnerability can be exploited by remote unauthenticated users to obtain sensitive...
The vulnerability of the site/index.php/admin/pages/update component of the BigTree CMS system allows a hacker to execute arbitrary SQL queries.
The vulnerability of the site/index.php/admin/pages/update component of the BigTree CMS system is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
The vulnerability of the WP_Query function (wp-includes/class-wp-query.php) in the WordPress content management system allows a hacker to execute arbitrary SQL commands.
The vulnerability of the WP_Query function (wp-includes/class-wp-query.php) in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
CVE-2021-25647
Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly o...
Cross site scripting
Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly o...
Testesdecodigogratis Testes de Codigo Cross-Site Scripting Vulnerability
Testesdecodigogratis Testes de Codigo is a mobile application from Testesdecodigogratis Portugal that provides users with driver's license learning. A cross-site scripting vulnerability exists in Testesdecodigogratis Testes de Codigo v11.3 and prior that allows storing the "Feedback" message fiel...
The vulnerability in the vManage web interface of the Cisco SD-WAN software-defined network allows an attacker to modify records in certain database tables.
The vulnerability in the vManage web interface of the Cisco SD-WAN software-defined network relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to modify records in certain database tables remotely...
VulnCheck KEV: CVE-2020-5722
Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root...
PT-2019-15902 · Zoho · Zoho Manageengine Applications Manager
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Applications Manager versions prior to 13640 Description: The issue allows for a remote authenticated SQL injection attack. This is achieved via the agentid parameter in the Agent servlet, which affects the Agent.java proces...
OpenSNS SQL Injection Vulnerability
OpenSNS is comprehensive social software developed by Thinking Sky Technology. A SQL injection vulnerability exists in OpenSNS 6.1.0. An attacker can exploit this vulnerability by using the index.php?s=/ucenter/Config/ uid parameter to perform a SQL injection attack...
EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1554)
According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before...
CVE-2019-3906
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...
MariaDB 10.0.0 < 10.0.37 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.37 advisory. - The crc32big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors...
UBUNTU-CVE-2018-13447
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter...
CVE-2018-1075
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step...