58 matches found
CVE-2023-22378
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...
The vulnerability of the software platform for managing operational data, related to errors in system settings or configuration, allows a perpetrator to read and modify arbitrary data in various system catalogs. This vulnerability enables unauthorized access and manipulation of system functions.
The vulnerability of the software platform for operating data management in ABB Ability zenon relates to errors in system settings or configuration. Exploiting this vulnerability can allow attackers to read and update arbitrary data in various system catalogs...
USN-5835-2 glance vulnerability
Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that OpenStack Glance incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive...
Efence SQL注入漏洞
Thinking Software Technology Efence is a mobile device management solution from China-based Thinking Software Technology. A SQL injection vulnerability exists in Efence 1.2.58 DB.ver 28, which stems from insufficient validation of user input in the login function. An attacker could use this...
Security Bulletin: IBM Engineering Test Management is vulnerable to arbitrary data access due to XStream ( CVE-2020-26258, CVE-2020-26259 )
Summary IBM Engineering Test Management is vulnerable to remote attacker having access to snesitive data or to arbitrary files from system due to XStream. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when...
CVE-2021-27482
CVE-2021-27482 affects the OpENer EtherNet/IP stack (EIPStackGroup OpENer). It is an out-of-bounds read vulnerability triggered by specially crafted ENIP/CIP packets, potentially allowing an attacker to read arbitrary data from memory. Affected versions are OpENer releases prior to 2021-02-10, wi...
CVE-2022-1376
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEprivgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26836
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2021-25413
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege...
CVE-2019-4582
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 167288...
Taffy has an unspecified vulnerability
Taffy is a data selection engine that supports insertion, updating and statistics. A security vulnerability exists in taffy 2.6.2 and earlier versions. An attacker can exploit the vulnerability to access arbitrary data entries in the DB with the help of user input with redundant attributes...
Jobberbase SQL Injection Vulnerability (CNVD-2020-04571)
Jobberbase is an open source platform for building job search websites. A SQL injection vulnerability exists in Jobberbase. The vulnerability stems from a lack of validation of externally entered SQL statements in the database-based application. An attacker can exploit this vulnerability to execu...
WordPress Viral Quiz Maker - OnionBuzz Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Viral Quiz Maker - OnionBuzz plugin is one of the quiz plugins used in it. A SQL injection vulnerability exists in WordPress Viral Quiz...
Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2018-10987)
Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. Microsoft Windows suffers from an elevation of privilege vulnerability. The vulnerability arises because the Win32k component fails to properly handle objects in memor...
WordPress Plugin Car Rental System 2.5 - SQL Injection
WordPress Plugin Car Rental System 2.5 - SQL Injection Exploit Title: Car Rental System v2.5 Date: 28/03/2017 Exploit Author: TAD GROUP Vendor Homepage: https://www.bestsoftinc.com/ Software Link: https://www.bestsoftinc.com/car-rental-system.html Version: 2.5 Contact: infoattad.group Website:...
Itech News Portal Script 6.28 SQL Injection
Exploit Title: Itech News Portal Script v6.28 a SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/news-portal-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...
CVE-2008-2778
SQL injection vulnerability in inc/classsearch.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter...
PT-2005-3561 · Land Down Under · Land Down Under (Ldu) 800
Name of the Vulnerable Software and Affected Versions: Land Down Under LDU 800 Description: Multiple SQL injection issues allow remote attackers to execute arbitrary SQL commands via various parameters to different PHP files, including s or m parameter to "forums.php", o, w, s, or p parameter to...