5734 matches found
The vulnerability of the Video Station photo album creation application, related to the lack of measures to protect the SQL query structure, allows attackers to execute arbitrary code.
The vulnerability of the Video Station photo album creation application is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the QuMagie multimedia file storage application for QNAP NAS lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the QuMagie multimedia file storage application for QNAP NAS is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-49334
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while exporting a full summary report...
CVE-2024-5116
A vulnerability, which was classified as critical, has been found in SourceCodester Online Examination System 1.0. Affected by this issue is some unknown functionality of the file save.php. The manipulation of the argument vote leads to SQL injection. The attack may be launched remotely. The...
Event Registration System SQL Injection Vulnerability
Event Registration System is a QR code based event registration system by individual developer Carlo Montero. An SQL injection vulnerability exists in Event Registration System version 1.0, which originates from an unknown function in /classes/Master.php that causes SQL injection via the...
ZOHO ManageEngine ADAudit Plus Security Vulnerability
ZOHO ManageEngine ADAudit Plus is used by ZOHO USA, Inc. to simplify auditing, demonstrate compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 7271, which stems from a vulnerability that allows SQL injection in dashboard graphical...
The vulnerability of the Zabbix Workstation universal monitoring system, related to errors in processing input data, allows an intruder to execute arbitrary code.
The vulnerability of the Zabbix Workstation universal monitoring system is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted SQL query remotely...
PT-2024-34490 · Sourcecodester · Sourcecodester Simple Inventory System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Inventory System version 1.0 Description: A critical issue has been found in the SourceCodester Simple Inventory System, affecting the file tableedit.php. The manipulation of the from and to arguments leads to SQL...
Simple Inventory System SQL Injection Vulnerability
Simple Inventory System is a simple inventory system by individual developer argie. SourceCodester Simple Inventory System version 1.0 suffers from a SQL injection vulnerability that stems from the parameter ITEM in the file updateprice.php that can lead to SQL injection...
OpenText Operations Bridge Reporter Security Vulnerability
OpenText Operations Bridge Reporter is an informational reporting software from OpenText designed to provide organizations with resource, event, and response time reporting across server, network, and application environments. A security vulnerability exists in OpenText Operations Bridge Reporter...
Vulnerability of the Server component: The Audit Plug-in of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server component: The Audit Plug-in of the Oracle MySQL Server database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL protocol...
PT-2024-27606 · WordPress · The Visualizer: Tables/Charts Manager
Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including, 3.10.15 Description: The issue is related to a missing capability check on the getQueryData function, allowing authenticated attackers with subscriber-leve...
PT-2024-33658 · Unknown · Simple Chat System
Name of the Vulnerable Software and Affected Versions: code-projects Simple Chat System version 1.0 Description: A critical issue has been found in the Simple Chat System, affecting an unknown part of the file /login.php. The manipulation of the email/password argument leads to SQL injection. It ...
Rockwell Automation FactoryTalk View SE Security Vulnerability
Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation. Rockwell Automation FactoryTalk View SE suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in a back-end...
DigiWin EasyFlow .NET SQL Injection Vulnerability
Digiwin DigiWin EasyFlow .NET is an enterprise-level workflow management (WFM) platform from Digiwin Software Taiwan, China. DigiWin EasyFlow .NET suffers from a SQL injection vulnerability that stems from a lack of validation of certain input parameters, which could allow a remote attacker to inject arbitrary SQL...
Online Examination System SQL Injection Vulnerability
Projectworlds Online Examination System is an online examination system from Projectworlds India. A SQL injection vulnerability exists in Online Examination System version 1.0, which stems from result.php containing unknown code that causes SQL injection via the parameter id...
The vulnerability of the application software interface of the BIG-IP Next Central Manager allows unauthorized access to protected information, enabling attackers to obtain the administrator’s password hash.
The vulnerability of the application software interface of the BIG-IP Next Central Manager relates to the disclosure of protected information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain the administrator’s password hash by executing a specially...
PT-2024-33324 · Unknown · Kashipara College Management System
Name of the Vulnerable Software and Affected Versions: Kashipara College Management System version 1.0 Description: A critical issue has been discovered, allowing for remote attacks. The problem arises from the manipulation of the id argument, leading to SQL injection in the view students each...
PT-2024-5194 · Siemens · Ruggedcom Crossbow
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.5 Description: The issue is related to the improper sanitization of input data before it is sent to the SQL server. This could allow an attacker to compromise the entire database by executing arbitrary...
Cyber Power Systems PowerPanel Enterprise Security Vulnerability
Cyber Power Systems PowerPanel Enterprise is a software program from Cyber Power Systems designed to provide real-time PUE, PUE trends, and total energy use trends. A security vulnerability exists in Cyber Power Systems PowerPanel Enterprise prior to version v2.8.3 that stems from an SQL injectio...