13181 matches found
CVE-2023-26217
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases a...
Design/Logic Flaw
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases a...
CVE-2023-26217 TIBCO EBX Add-ons SQL Injection Vulnerability
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases a...
CVE-2023-26217 TIBCO EBX Add-ons SQL Injection Vulnerability
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases a...
Sql injection
There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is...
Sql injection
There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex a...
TIBCO Software EBX Add-ons SQL注入漏洞
TIBCO Software EBX Add-ons is an add-on from TIBCO Software, Inc. that enhances the functionality of the Tibco Ebx data management platform. A security vulnerability exists in TIBCO EBX Add-ons versions 4.5.17 and earlier, 5.6.2 and earlier, and 6.1.0, which stems from an easily exploitable...
Sql injection
An SQL injection vulnerability in the Payplug payplug module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller...
CVE-2021-37522
SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js...
Sql injection
SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js...
TIBCO Security Advisory: July 18, 2023 - TIBCO EBX Add-ons -CVE-2023-26217
TIBCO EBX Add-ons SQL Injection Vulnerability Original release date: July 18, 2023 Last revised:--- CVE-2023-26217 Source: TIBCO SoftwareInc. Products Affected TIBCO EBX Add-ons versions 4.5.17 and below TIBCO EBX Add-ons versions 5.6.2 and below TIBCO EBX Add-ons version 6.1.0 The following...
CVE-2023-30153
An SQL injection vulnerability in the Payplug payplug module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller...
CVE-2023-30153
An SQL injection vulnerability in the Payplug payplug module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller...
CVE-2023-2760
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to...
CVE-2023-2760
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to...
Sql injection
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to...
CVE-2023-2760 TAPHOME SQL Injection in Core Platform
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to...
CVE-2023-30151
A SQL injection vulnerability in the Boxtal envoimoinscher module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the key GET parameter...
SQL Injection
langchain is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the call function in sqldatabase/base.py allows a malicious user to inject and execute arbitrary SQL queries on the target system via the SQLDatabaseChain component...
CVE-2023-32754
Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database...