10505 matches found
SQL injection
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
nodejs environment issue vulnerability
Nodejs Core is a core module compiled into Nodejs from the OpenJS Foundation. This module for Nodejs provides the underlying TCP, HTTP, DNS, file system, subprocesses and other functionality support. A security vulnerability exists in Node Core that can be exploited by an attacker to bypass acces...
Red Lion Crimson 3.1
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Red Lion Equipment: Crimson 3.1 Vulnerabilities: NULL Pointer Dereference, Missing Authentication for Critical Function, Improper Resource Shutdown or Release 2. RISK EVALUATION Successful...
Newgen Egov Correspondence Management System Security Breach
Newgen Egov Correspondence Management System is a correspondence management software for office environments from Newgen USA. A security vulnerability exists in Newgen eGov 12.0 Correspondence Management System, which can be exploited by an attacker to modify another user's personal information...
CVE-2020-24673
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file...
mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: InnoDB unspecified vulnerability (CPU Jul 2019)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Oracle Unified Directory Denial of Service Vulnerability
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. A denial of service vulnerability exists in the Security component of Oracl...
CVE-2020-5359
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data...
CVE-2020-26828
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload script on target...
CVE-2020-5800
The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to...
Privilege Escalation
openjfx is vulnerable to Privilege Escalation. An attacker can gain elevated privileges, access and modify data, and cause denial of service conditions on the target system...
The vulnerability of the file system of the IoT Field Network Director software management tool allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the access control function in the IoT network management software, Field Network Director, is related to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to gain access to modify, add, or...
Vulnerabilities fixed in NetApp products
Several NetApp products contain FasterXML jackson-databind. FasterXML jackson-databind versions 2.x prior to 2.9.10.4 are susceptible to vulnerabilities that, when successfully exploited, can lead to disclosure of sensitive information, addition or modification of data, or denial of service (DoS)...
mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu...
mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Vulnerability of the NDBCluster Plugin of the MySQL Cluster database management system: This plugin allows attackers to modify, add, or delete data, or to cause service interruptions.
Vulnerability of the NDBCluster Plugin of the MySQL Cluster database management system: Insufficient validation of input data is a concern. Exploiting this vulnerability can allow an attacker to modify, add, or delete data, or cause service interruptions...
The vulnerability of the Integration Broker component in the Oracle PeopleSoft Enterprise PeopleTools business application package allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Integration Broker component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected...
The vulnerability of the PIA Core Technology component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the PIA Core Technology component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information or to...
Vulnerability of the MySQL Server component: Security: Roles of the database management system, allowing attackers to access, modify, add, or delete data.
The vulnerability of the MySQL Server component: Security: Roles of the database management system is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to gain access to modify, add, or delete data...