
686 matches found

NCSC
added 2023/08/08 12:0 a.m. · 8 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in Parasolid, Solid Edge, TeamCenter, SoftwareCenter, SIMATIC, SICAM and Ruggedcom products. The vulnerabilities potentially enable a malicious party to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS). Manipulation o...

CVSS 9.8 · AI score 7.7 · EPSS 0.61979
Exploits 1
Positive Technologies
added 2023/07/25 12:0 a.m. · 4 views

PT-2023-26604 · Unknown · Campcodes Beauty Salon Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Beauty Salon Management System version 1.0 Description: A critical vulnerability has been found in the system. The issue is related to an unknown function of the file /admin/del service.php, where the manipulation of the editid...

CVSS 7.5 · AI score 6.9 · EPSS 0.00567
Exploits 1 · References 7
CNNVD
added 2023/07/18 12:0 a.m. · 3 views

Locke-Bot SQL injection vulnerability

Locke-Bot is a custom Discord bot developed for LOCKE by HKing2802, an individual developer. A security vulnerability exists in Locke-Bot version 2.0.2, which stems from an SQL injection vulnerability that allows remote attackers to run arbitrary SQL commands via a crafted string...

CVSS 9.8 · AI score 8.9 · EPSS 0.00774
Exploits 1 · References 3
CNNVD
added 2023/07/05 12:0 a.m. · 3 views

Progress Software MOVEit Transfer SQL injection vulnerability

Progress Software MOVEit Transfer is an automated file transfer software from Progress Software, USA. The software supports file transfer and provides file transfer activity monitoring. A security vulnerability exists in Progress Software MOVEit Transfer that stems from an SQL injection...

CVSS 9.1 · AI score 8.8 · EPSS 0.94836
Exploits 0 · References 3
Positive Technologies
added 2023/07/05 12:0 a.m. · 2 views

PT-2023-25704 · Kanboard +1 · Kanboard +1

Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.31 Description: Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege...

CVSS 8.8 · AI score 7.6 · EPSS 0.00753
Exploits 1 · References 17
Positive Technologies
added 2023/06/30 12:0 a.m. · 3 views

PT-2023-25007 · Ibos Oa · Ibos Oa

Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical issue was found in the actionEdit function of the ?r=dashboard/roleadmin/edit&op=member endpoint, part of the Add User Handler component. The manipulation of the id argument leads to SQL injection...

CVSS 7.2 · AI score 5.7 · EPSS 0.00625
Exploits 1 · References 5
Positive Technologies
added 2023/05/29 12:0 a.m. · 4 views

PT-2023-22332 · Sourcecodester · Sourcecodester Faculty Evaluation System

Name of the Vulnerable Software and Affected Versions: SourceCodester Faculty Evaluation System version 1.0 Description: A critical issue has been found in the SourceCodester Faculty Evaluation System, affecting some unknown functionality of the file "index.php?page=edit user". The manipulation o...

CVSS 9.8 · AI score 8.4 · EPSS 0.00711
Exploits 1 · References 7
OSV
added 2023/05/19 4:15 p.m. · 2 views

CVE-2022-47984

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 2
CNNVD
added 2023/05/08 12:0 a.m. · 4 views

Apache Log4cxx SQL injection vulnerability

Apache Log4cxx is a C++ logging framework modeled after Apache log4j from the Apache Foundation. An SQL injection vulnerability exists in Apache Log4cxx versions prior to 1.1.0 that stems from not properly escaping fields sent to the database when using the ODBC add-in to send log messages to the...

CVSS 8.8 · AI score 8 · EPSS 0.01597
Exploits 1 · References 2
CNNVD
added 2023/04/27 12:0 a.m. · 3 views

Service Provider Management System SQL injection vulnerability

Service Provider Management System is a web-based application by Carlo Montero, an individual developer. It is designed to provide dynamic websites for service provider companies. A SQL injection vulnerability exists in Service Provider Management System version 1.0, which can be exploited by...

CVSS 9.8 · AI score 8.2 · EPSS 0.0082
Exploits 1 · References 4
CNNVD
added 2023/04/14 12:0 a.m. · 4 views

Campcodes Advanced Online Voting System SQL injection vulnerability

Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /admin/votersrow.php, which can be...

CVSS 8.8 · AI score 7.9 · EPSS 0.0074
Exploits 1 · References 4
Positive Technologies
added 2023/04/14 12:0 a.m. · 5 views

PT-2023-17292

Name of the Vulnerable Software and Affected Versions: Eskom Water Metering Software versions prior to 23.04.06 Description: The issue is related to an SQL Injection vulnerability, which allows for Command Line Execution through SQL Injection. This is due to the improper neutralization of special...

CVSS 9.8 · AI score 7.4 · EPSS 0.00718
Exploits 0 · References 6
CNNVD
added 2023/04/06 12:0 a.m. · 3 views

Tailor Management System SQL injection vulnerability

Tailor Management System is a tailor store management system by Warren Daloyan, an individual developer. A security vulnerability exists in Tailor Management System version v.1, which originates from a SQL injection vulnerability that can be exploited by an authenticated, remote attacker to execu...

CVSS 8.8 · AI score 8.7 · EPSS 0.01405
Exploits 1 · References 2
CNNVD
added 2023/03/30 12:0 a.m. · 29 views

HashiCorp Vault SQL injection vulnerability

HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A SQL injection vulnerability exists in HashiCorp Vault versions 0.8.0 through 1.13.1, which stems from the fact that when configuring the MSSQL plugin locally, certain parameters are not cleaned up...

CVSS 6.7 · AI score 6.6 · EPSS 0.00378
Exploits 0 · References 4
CNNVD
added 2023/03/29 12:0 a.m. · 3 views

Ivanti Avalanche SQL injection vulnerability

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. Ivanti Avalanche version 6.3.2.3490 suffers from a SQL injection vulnerability that stems from a crafted request in...

CVSS 9.8 · AI score 8.1 · EPSS 0.06534
Exploits 0 · References 3
CNNVD
added 2023/03/09 12:0 a.m. · 2 views

Best POS Management System SQL injection vulnerability

Best POS Management System is a POS management system by Mayuri K., an individual developer. A security vulnerability exists in Best POS Management System version 1.0, which originates from a SQL injection vulnerability via the id parameter in /kruxton/manageuser.php...

CVSS 9.8 · AI score 8.7 · EPSS 0.00788
Exploits 1 · References 3
Positive Technologies
added 2023/03/08 12:0 a.m. · 3 views

PT-2023-19779 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: Funadmin version 3.2.0 Description: The issue is a SQL injection vulnerability that can be exploited via the id parameter at the "/databases/database/edit" API endpoint. This allows for potential unauthorized access and manipulation of databa...

CVSS 9.8 · AI score 9.5 · EPSS 0.00741
Exploits 1 · References 6
CNNVD
added 2023/03/06 12:0 a.m. · 2 views

ByWater Solutions bywater-koha-xslt SQL injection vulnerability

ByWater Solutions bywater-koha-xslt is ByWater Solutions' Koha repository for XSLT customization for ByWater partners. ByWater Solutions bywater-koha-xslt suffers from a SQL injection vulnerability that stems from manipulation of the parameter name that can lead to SQL injection...

CVSS 7.2 · AI score 5.8 · EPSS 0.00588
Exploits 0 · References 4
CNNVD
added 2023/02/27 12:0 a.m. · 2 views

OpenCycleCompass server-php SQL injection vulnerability

server-php is an OpenCycleCompass open source server for iBis applications. An SQL injection vulnerability exists in OpenCycleCompass server-php, which stems from an incorrect manipulation of the parameter user resulting in SQL injection...

CVSS 9.8 · AI score 7.7 · EPSS 0.00685
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 6:2 a.m. · 3 views

SUSE CVE-2009-3125

SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters...

CVSS 7.5 · AI score 8.8 · EPSS 0.01393
Exploits 1 · References 3