1128 matches found
PT-2023-32850 · Devolutions · Devolutions Remote Desktop Manager
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2023.3.31 and earlier
Description: The issue is related to inadequate validation of permissions when using remote tools and macros via the context menu. This allows a user to initiate a connection...
Apache StreamPark SQL Injection Vulnerability (CNVD-2024-0217486)
Apache StreamPark is a streaming media application development framework from the Apache Foundation in the United States. Apache StreamPark suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit...
EmpireCMS SQL Injection Vulnerability (CNVD-2024-4321448)
EmpireCMS (Empire Content Management System) is an open source content management system (CMS). A SQL injection vulnerability exists in EmpireCMS v7.5; the vulnerability stems from the lack of validation of the ftppassword parameter in SetEnews.php for externally entered SQL statements, which can be...
PT-2023-7878 · Unknown · Itpison Omicard Edm
Name of the Vulnerable Software and Affected Versions: ITPison OMICARD EDM (affected versions not specified)
Description: The SMS-related function in ITPison OMICARD EDM has insufficient validation for user input, allowing an unauthenticated remote attacker to inject arbitrary SQL commands. This ca...
CVE-2023-36652
A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter...
SQL injection
A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter...
osCommerce SQL Injection Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. A SQL injection vulnerability exists in osCommerce, which originates from the lack of validation of the parameter estimatecountryid in the file /b2b-supermarket/shopping-cart against externally entered...
Visitor Management System SQL Injection Vulnerability
Visitor Management System is a visitor management system. A SQL injection vulnerability exists in Visitor Management System v1.0, which originates from the parameter id of manageuser.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to...
D-Link DAR-7000 SQL Injection Vulnerability
D-Link DAR-7000 is an Internet Behavior Audit Gateway from China AUO D-Link. A SQL injection vulnerability exists in the D-Link DAR-7000 mailrecvview.php file, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
Access Control Error Vulnerability in Cisco DNA Center API
Cisco DNA Center is a network management and command center service from Cisco USA. An access control error vulnerability exists in the Cisco DNA Center API, which can be exploited by a remote attacker to submit a special request that can read and modify database data and elevate privileges...
CVE-2023-23563
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection...
Online Travel Agency System article_edit.php File SQL Injection Vulnerability
Online Travel Agency System is an online travel agency system. A SQL injection vulnerability exists in Online Travel Agency System v1.0, which originates from a lack of validation of the pageid parameter of article_edit.php against externally entered SQL statements. An attacker can exploit this...
ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66421)
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66415)
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66427)
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
NETGEAR DGN3500 Buffer Overflow Vulnerability
The NETGEAR DGN3500 is a wireless router from NETGEAR. The NETGEAR DGN3500 version 1.1.00.37 suffers from a buffer overflow vulnerability, which originates from the httppassword parameter in setup.cgi failing to properly validate the length of the input data, which can be exploited by a remote...
ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66419)
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66416)
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...