35 matches found
CVE-2025-5089
CVE-2025-5089 describes a DoS condition in Arista EOS CVX deployments where malformed messages between a CVX server and connected EOS Switch can crash SysDB on EOS or destabilize the CVX cluster, requiring high-privilege access to send crafted TCP packets. Affected products are Arista EOS with Cl...
EUVD-2025-210075
In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...
EUVD-2025-35283
Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise RDBMS Functional Index...
EUVD-2015-4328
Malware in sbrugna...
EUVD-2023-32456
Malicious code in bioql PyPI...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33155)
RuvarOA is an office automation system of Ruvar China. A security vulnerability exists in RuvarOA v6.01 and v12.01, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
PT-2023-3643 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.19; Oracle Database Server versions 21.3 through 21.10. Description: The issue is related to insufficient input validation in the Unified Audit component of Oracle Database Server. It allows a...
CVE-2022-40824
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where function. Note: Multiple third parties have disputed this as not a valid vulnerability...
CodeIgniter SQL Injection Vulnerability
CodeIgniter is an open source web framework written in PHP. A SQL injection vulnerability exists in CodeIgniter version 3.1.13 and earlier versions, which stems from a SQL injection problem in the or_where_not_in method in system\database\DB_query_builder.php...
CVE-2021-38459
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...
CVE-2021-38475
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...
SQL Injection Vulnerability in TCCMS (CNVD-2021-51272)
TCCMS is a content management system. Its core framework, TC, handles large amounts of data and high concurrency, is easy to extend, and so on. TCCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
CVE-2019-7751
A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation ...
Cisco UCS Director SCP User Default Credentials (cisco-sa-20190821-imcs-usercred)
According to its self-reported version, the remote host is running a version of Cisco UCS Director that uses default credentials for the 'scpuser' account. A remote attacker can exploit this to log into the system's CLI and execute arbitrary commands with the privileges of the 'scpuser' account,...
CVE-2019-3906
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...
Hardcoded credentials
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...
Damon Database Vulnerability for Overstepping Authority and Tampering with Data
DM7 is a new-generation database product designed by Damon on the basis of summarizing the R&D and application experience of DM series products, absorbing the advantages of mainstream database products, and adopting JAVA-like virtual machine technology. DM7 database has the vulnerability of...