
1417 matches found

NVD
added 2023/04/19 12:15 a.m. · 12 views

CVE-2023-30605

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...

CVSS 6.5 · AI score 6.9 · EPSS 0.01146
Exploits 1 · References 2
Prion
added 2023/04/19 12:15 a.m. · 12 views

Sql injection

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...

CVSS 4 · AI score 6.8 · EPSS 0.01358
Exploits 1 · References 1 · Affected Software 1
Prion
added 2023/04/19 12:15 a.m. · 15 views

Sql injection

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sqlapi/apiworkflow.py endpoint ExecuteCheck. User input...

CVSS 4 · AI score 6.8 · EPSS 0.01358
Exploits 1 · References 1 · Affected Software 1
CNVD
added 2023/04/18 12:00 a.m. · 6 views

Fortinet FortiAnalyzer Input Validation Error Vulnerability

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fortinet. The product is mainly used to collect network log data and, through its reporting suite, to analyze and report on security events in the logs, network traffic, web content, etc....

CVSS 7.1 · AI score 7 · EPSS 0.00137
Exploits 0 · References 1
Huntr
added 2023/04/09 9:09 p.m. · 13 views

SQL injection in SegmentAssignmentController.php

Description: An administrator user can use the inheritableSegments feature to execute his own blind SQL queries. Proof of Concept: The vulnerable PHP code is in src/Controller/Admin/SegmentAssignmentController.php, in method inheritableSegments. The parameter type is not escaped and is added on the...

CVSS 5.8 · AI score 7.9 · EPSS 0.00043
Exploits 1
Rapid7 Blog
added 2023/04/05 4:09 p.m. · 143 views

Using InsightVM Remediation Projects To Ensure Accountability

One benefit of InsightVM reporting is that it enables security teams to build accountability into remediation projects. There are a number of ways this can be accomplished and the approach you take will be dictated by your organization’s specific structure and needs. In this blog, we’ll look at t...

AI score 6.9
Exploits 0
WPVulnDB
added 2023/04/05 12:00 a.m. · 9 views

Slimstat Analytics < 4.9.4 - Subscriber+ SQL Injection

The plugin does not prevent subscribers from rendering certain shortcodes that concatenate attributes directly into an SQL query. PoC...

AI score 7.3
Exploits 0 · References 1 · Affected Software 1
NVD
added 2023/04/03 7:15 p.m. · 13 views

CVE-2022-4770

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x, displays the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report .prpt...

CVSS 4.3 · AI score 4.9 · EPSS 0.0024
Exploits 0 · References 1
CVE
added 2023/04/03 6:56 p.m. · 47 views

CVE-2022-4770

Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0 and 9.3.0.2 (including 8.3.x) disclose the full parametrized SQL query in an error message when a Pentaho Report (.prpt) contains an invalid character. This is an information disclosure vulnerability affecting the error-h...

CVSS 4.3 · AI score 4.9 · EPSS 0.0024
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/04/03 12:00 a.m. · 4 views

PT-2023-2235 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0 and 9.3.0.2, including 8.3.x Description: The issue is related to the error handling mechanism in Hitachi Vantara Pentaho Business Analytics Server, which displays th...

CVSS 4.3 · AI score 5 · EPSS 0.0024
Exploits 0 · References 5
NVD
added 2023/03/29 7:15 p.m. · 9 views

CVE-2022-42424

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

CVSS 8.8 · AI score 8.1 · EPSS 0.64892
Exploits 0 · References 1
OSV
added 2023/03/29 7:15 p.m. · 0 views

CVE-2022-36976

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can levera...

CVSS 9.8 · AI score 6
Exploits 0 · References 2
Vulnrichment
added 2023/03/29 12:00 a.m. · 10 views

CVE-2022-42428

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

CVSS 7.2 · AI score 8.9 · EPSS 0.58996
Exploits 0 · References 1
Vulnrichment
added 2023/03/29 12:00 a.m. · 8 views

CVE-2022-42424

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

CVSS 7.2 · AI score 8.9 · EPSS 0.64892
Exploits 0 · References 1
Vulnrichment
added 2023/03/29 12:00 a.m. · 7 views

CVE-2022-42425

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

CVSS 7.2 · AI score 8.9 · EPSS 0.64892
Exploits 0 · References 1
NVD
added 2023/03/21 3:15 p.m. · 8 views

CVE-2023-27871

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

CVSS 7.5 · AI score 7.5 · EPSS 0.00327
Exploits 0 · References 2
Prion
added 2023/03/21 3:15 p.m. · 17 views

Code injection

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

CVSS 5 · AI score 7.5 · EPSS 0.00327
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/03/21 2:29 p.m. · 7 views

CVE-2023-27871 IBM Aspera Faspex information disclosure

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

CVSS 7.5 · AI score 7.5 · EPSS 0.00327
Exploits 0 · References 2
Vulnrichment
added 2023/03/21 2:29 p.m. · 7 views

CVE-2023-27871 IBM Aspera Faspex information disclosure

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

CVSS 7.5 · AI score 7.4 · EPSS 0.00327
Exploits 0 · References 2
CVE
added 2023/03/21 2:29 p.m. · 52 views

CVE-2023-27871

CVE-2023-27871 affects IBM Aspera Faspex 4.4.2. A remote attacker could obtain sensitive credential information for an external user via a specially crafted SQL query, indicating an SQL injection in Faspex’s handling of external input. The related Red Hat/NCSC entries and IBM security bulletin co...

CVSS 7.5 · AI score 7.4 · EPSS 0.00327
Exploits 0 · References 2 · Affected Software 1