Lucene search
K

58 matches found

OSV
OSV
added 2023/08/09 9:15 a.m.2 views

CVE-2023-22378

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...

6.5CVSS6AI score0.00508EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/08/03 12:0 a.m.7 views

The vulnerability of the software platform for managing operational data, related to errors in system settings or configuration, allows a perpetrator to read and modify arbitrary data in various system catalogs. This vulnerability enables unauthorized access and manipulation of system functions.

The vulnerability of the software platform for operating data management in ABB Ability zenon relates to errors in system settings or configuration. Exploiting this vulnerability can allow attackers to read and update arbitrary data in various system catalogs...

7CVSS7.7AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2023/01/31 1:7 p.m.3 views

USN-5835-2 glance vulnerability

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that OpenStack Glance incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive...

5.7CVSS7AI score0.01025EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.3 views

Efence SQL注入漏洞

Thinking Software Technology Efence is a mobile device management solution from China-based Thinking Software Technology. A SQL injection vulnerability exists in Efence 1.2.58 DB.ver 28, which stems from insufficient validation of user input in the login function. An attacker could use this...

9.8CVSS8.8AI score0.01026EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/04 11:30 a.m.35 views

Security Bulletin: IBM Engineering Test Management is vulnerable to arbitrary data access due to XStream ( CVE-2020-26258, CVE-2020-26259 )

Summary IBM Engineering Test Management is vulnerable to remote attacker having access to snesitive data or to arbitrary files from system due to XStream. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when...

7.7CVSS1.3AI score0.82392EPSS
Exploits7Affected Software2
CVE
CVE
added 2022/05/12 7:18 p.m.84 views

CVE-2021-27482

CVE-2021-27482 affects the OpENer EtherNet/IP stack (EIPStackGroup OpENer). It is an out-of-bounds read vulnerability triggered by specially crafted ENIP/CIP packets, potentially allowing an attacker to read arbitrary data from memory. Affected versions are OpENer releases prior to 2021-02-10, wi...

7.5CVSS7.5AI score0.01229EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/05/02 7:15 p.m.3 views

CVE-2022-1376

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEprivgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

9.8CVSS6AI score
Exploits0References1
OSV
OSV
added 2022/03/29 5:15 p.m.7 views

CVE-2022-26836

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

9.8CVSS7.5AI score0.01172EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/06/11 2:33 p.m.23 views

CVE-2021-25413

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege...

5.7AI score0.00177EPSS
Exploits1References2
OSV
OSV
added 2020/08/13 12:15 p.m.5 views

CVE-2019-4582

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 167288...

4.3CVSS5.9AI score0.01359EPSS
Exploits0References2
CNVD
CNVD
added 2020/02/18 12:0 a.m.3 views

Taffy has an unspecified vulnerability

Taffy is a data selection engine that supports insertion, updating and statistics. A security vulnerability exists in taffy 2.6.2 and earlier versions. An attacker can exploit the vulnerability to access arbitrary data entries in the DB with the help of user input with redundant attributes...

7.5CVSS6.9AI score0.01877EPSS
Exploits1References1
CNVD
CNVD
added 2020/02/11 12:0 a.m.3 views

Jobberbase SQL Injection Vulnerability (CNVD-2020-04571)

Jobberbase is an open source platform for building job search websites. A SQL injection vulnerability exists in Jobberbase. The vulnerability stems from a lack of validation of externally entered SQL statements in the database-based application. An attacker can exploit this vulnerability to execu...

9.8CVSS8.2AI score0.01986EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/21 12:0 a.m.2 views

WordPress Viral Quiz Maker - OnionBuzz Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Viral Quiz Maker - OnionBuzz plugin is one of the quiz plugins used in it. A SQL injection vulnerability exists in WordPress Viral Quiz...

9.8CVSS8AI score0.04619EPSS
Exploits1References1
CNVD
CNVD
added 2018/05/09 12:0 a.m.3 views

Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2018-10987)

Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. Microsoft Windows suffers from an elevation of privilege vulnerability. The vulnerability arises because the Win32k component fails to properly handle objects in memor...

7.2CVSS7.4AI score0.73721EPSS
Exploits18References1
exploitpack
exploitpack
added 2017/04/25 12:0 a.m.17 views

WordPress Plugin Car Rental System 2.5 - SQL Injection

WordPress Plugin Car Rental System 2.5 - SQL Injection Exploit Title: Car Rental System v2.5 Date: 28/03/2017 Exploit Author: TAD GROUP Vendor Homepage: https://www.bestsoftinc.com/ Software Link: https://www.bestsoftinc.com/car-rental-system.html Version: 2.5 Contact: infoattad.group Website:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2017/01/31 12:0 a.m.59 views

Itech News Portal Script 6.28 SQL Injection

Exploit Title: Itech News Portal Script v6.28 a SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/news-portal-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...

Exploits0
ATTACKERKB
ATTACKERKB
added 2008/06/19 8:41 p.m.1 views

CVE-2008-2778

SQL injection vulnerability in inc/classsearch.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter...

7.5CVSS6.4AI score0.0101EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2005/08/23 12:0 a.m.5 views

PT-2005-3561 · Land Down Under · Land Down Under (Ldu) 800

Name of the Vulnerable Software and Affected Versions: Land Down Under LDU 800 Description: Multiple SQL injection issues allow remote attackers to execute arbitrary SQL commands via various parameters to different PHP files, including s or m parameter to "forums.php", o, w, s, or p parameter to...

7.5CVSS8.6AI score0.01172EPSS
Exploits1References11
Rows per page
Query Builder