CVE-2023-37429

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

CVE-2023-37430

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...

PT-2023-25968 · Riverbed · Edgeconnect Sd-Wan Orchestrator

Name of the Vulnerable Software and Affected Versions: EdgeConnect SD-WAN Orchestrator affected versions not specified Description: The web-based management interface of EdgeConnect SD-WAN Orchestrator contains multiple vulnerabilities that could allow an authenticated remote attacker to conduct...

LuxSoft LuxCal Web Calendar SQL注入漏洞

LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A security vulnerability exists in LuxSoft LuxCal Web Calendar prior to version 5.2.3M, which stems from the presence of a SQL injection vulnerability that could allow an...

Credit Lite 1.5.4 SQL Injection Vulnerability

Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4407...

Design/Logic Flaw

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcallbackhandler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order...

CVE-2023-4040

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcallbackhandler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order...

The vulnerability of the Web interface for managing Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition systems allows a perpetrator to gain access to read or modify data in the database.

The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME web interfaces is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker to gain read or...

CVE-2023-3244 Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restoresettings function called via an AJAX action in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with minimal...

CVE-2023-3244

CVE-2023-3244 — WordPress Comments Like Dislike vulnerability : The plugin (versions up to and including 1.1.9) exposes an unauthorized modification flaw via an AJAX action in restore_settings, due to a missing capability check. Authenticated users with minimal permissions (e.g., subscriber) can ...

WordPress Plugin Comments Like Dislike 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2023-23537 · Unknown · Online Travel Agency System

Name of the Vulnerable Software and Affected Versions: Online Travel Agency System version 1.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the costomer id parameter at the "customer edit.php" endpoint. This enables the attacker to manipulate database...

Ubuntu 22.04 LTS : Podman vulnerability (USN-6295-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6295-1 advisory. It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execu...

PT-2023-26143 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.2 Description: The issue is a SQL injection vulnerability. This means that an attacker could potentially inject malicious SQL code into the database, allowing them to access or modify sensitive data. Recommendations: Fo...

The vulnerability of component B1i Layer of the SAP Business One resource management system allows a hacker to gain access to read, modify, or delete data.

The vulnerability of component B1i Layer in the SAP Business One resource management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely gain access to read, modify, or delete data by sending...

Code injection

B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the...

SAP Business One SQL Injection Vulnerability

SAP Business One is a set of enterprise management software from SAP. The software includes functionality for financial management, operations management, and human resource management. A SQL injection vulnerability exists in the SAP Business One B1i module, which originates from sending crafted...

WordPress Adivaha Travel 2.3 SQL Injection

Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...

The vulnerability of the software platform for managing operational data, related to errors in system settings or configuration, allows a perpetrator to read and modify arbitrary data in various system catalogs. This vulnerability enables unauthorized access and manipulation of system functions.

The vulnerability of the software platform for operating data management in ABB Ability zenon relates to errors in system settings or configuration. Exploiting this vulnerability can allow attackers to read and update arbitrary data in various system catalogs...

The vulnerability of the Networking component of the Java SE software platform and the Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines allows attackers to access, modify, add, or delete data.

The vulnerability of the Networking component of the Java SE software platform and the Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to, modify, add, o...