5734 matches found
Siemens RUGGEDCOM CROSSBOW SQL Injection Vulnerability
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a SQL injection vulnerability that can be exploited by an attacker to send arbitrary SQL commands to a SQL server...
Siemens RUGGEDCOM CROSSBOW SQL Injection Vulnerability
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a SQL injection vulnerability due to a failure of an affected client system to properly filter input data before sending it to the SQL server. An attacker could...
Microsoft OLE DB Provider for SQL Server Resource Management Error Vulnerability
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation, USA, that allows access to data from a variety of sources in a unified way. A resource management error vulnerability exists in Microsoft WDAC OLE DB provider for SQL. The following products and editions are affected: Windows...
SAP Global Label Management SQL Injection Vulnerability
SAP Global Label Management is a global label management system from SAP. SAP Global Label Management suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute illegal S...
PT-2024-5194 · Siemens · Ruggedcom Crossbow
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.5 Description: The issue is related to the improper sanitization of input data before it is sent to the SQL server. This could allow an attacker to compromise the entire database by executing arbitrary...
CVE-2024-25531
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of external SQL statements in the /WorkFlow/OfficeFileUpdate.aspx file. An attacker can exploit this vulnerability to execute illegal SQ...
PT-2024-20977 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sys file storage id parameter at the "/WorkFlow/wf work finish file down.aspx" API endpoint...
BlueNet Technology Clinical Browsing System SQL Injection Vulnerability
BlueNet Technology Clinical Browsing System is a clinical browsing system from BlueNet Technology. A SQL injection vulnerability exists in BlueNet Technology Clinical Browsing System version 1.2.1, which stems from an incorrect manipulation of the parameter INSTICODE that can lead to SQL injectio...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the PageID parameter in the /WebUtility/SearchCondiction.aspx file against external SQL input. An attacker can exploit this...
CVE-2024-33148
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the list function...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the emailattachid parameter in the /LHMail/AttachDown.aspx file against external SQL input. An attacker can exploit this...
J2EEFAST Security Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform committed to building the best small and medium-sized open source free back-end framework platform. A SQL injection vulnerability exists in J2EEFAST v2.7.0, which is caused by the lack of validation of the sqlfilter parameter...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sysfilestorageid parameter of the /WorkFlow/wffiledownload.aspx file against externally entered SQL statements. An attacker...
J2EEFAST Security Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform committed to building the best small and medium-sized open source free back-end framework platform. A SQL injection vulnerability exists in J2EEFAST v2.7.0; the vulnerability stems from the myProcessList function of the...
CVE-2024-33411
A SQL injection vulnerability in /model/getadminprofile.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the myindex parameter...
CVE-2024-34472
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an...
Roothub Security Vulnerability
Roothub is a forum system developed using SSM and MySQL. A security vulnerability exists in Roothub v2.6, which was discovered to contain an SQL injection vulnerability via the "s" parameter in the search function...
The vulnerability of the PowerPanel Business monitoring and power source management system lies in the lack of measures to protect the SQL query structure. This allows attackers to execute arbitrary SQL code and write arbitrary files.
The vulnerability of the PowerPanel Business monitoring and power source management system lies in the lack of measures taken to protect the SQL query structure during the processing of MQTT messages. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code and write...
CVE-2023-51586
Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...