Lucene search
K

148 matches found

CNVD
CNVD
added 2024/10/23 12:0 a.m.12 views

Mitel MiCollab SQL Injection Vulnerability (CNVD-2024-42932)

Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A SQL injection vulnerability exists in Mitel MiCollab version 9.7.1.110 and earlier, which stems from insufficient validation of user input in...

7.2CVSS7.8AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2024/10/21 9:15 p.m.31 views

CVE-2024-35286

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

9.8CVSS0.65559EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 9:15 p.m.5 views

CVE-2024-35286

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

9.8CVSS7.7AI score0.65559EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 9:15 p.m.4 views

CVE-2024-30157

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to...

7.2CVSS6AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/21 12:0 a.m.17 views

CVE-2024-30157

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to...

0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/21 12:0 a.m.14 views

CVE-2024-30158

A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute...

7.3AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.4 views

Mitel MiCollab SQL注入漏洞

Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A SQL injection vulnerability exists in Mitel MiCollab version 9.7.1.110 and earlier, which stems from insufficient validation of user input in...

7.2CVSS7.9AI score0.00403EPSS
Exploits0References2
CVE
CVE
added 2024/10/21 12:0 a.m.57 views

CVE-2024-30158

CVE-2024-30158 affects Mitel MiCollab web conferencing component (versions through 9.7.1.110). The issue is due to insufficient validation of user input, enabling an authenticated attacker with administrative privileges to perform a SQL injection, potentially executing arbitrary database and mana...

7.2CVSS8.2AI score0.00403EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.3 views

Mitel MiCollab SQL注入漏洞

Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. Mitel MiCollab suffers from an SQL injection vulnerability that can be exploited by attackers to access sensitive information and perform...

9.8CVSS7.7AI score0.65559EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/21 12:0 a.m.19 views

CVE-2024-35286

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

9.8AI score0.65559EPSS
Exploits0References1
OSV
OSV
added 2024/09/10 3:15 p.m.2 views

CVE-2024-33508

An improper neutralization of special elements used in a command 'Command Injection' vulnerability CWE-77 in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted...

7.3CVSS5.9AI score0.01287EPSS
Exploits0References1
Veracode
Veracode
added 2024/07/08 9:39 a.m.8 views

Denial Of Service (DoS)

github.com/jackc/pgx is vulnerable to Denial Of Service DoS. The vulnerability is due to a lack of robust error handling Pipeline panicking when PgConn PostgreSQL connection is busy or closed, which can result in potential instability and crashes in applications using Pipeline for database...

7AI score
Exploits0
Prion
Prion
added 2024/01/19 9:15 p.m.30 views

Code injection

Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when...

6.5CVSS7AI score0.0067EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/20 12:0 a.m.7 views

PT-2023-20701 · Wedevs · Wedevs Dokan

Name of the Vulnerable Software and Affected Versions: weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy versions n/a through 3.7.12 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also...

8.1CVSS8.1AI score0.0057EPSS
Exploits0References5
NVD
NVD
added 2023/09/27 3:19 p.m.19 views

CVE-2023-43610

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...

8.8CVSS8.9AI score0.00909EPSS
Exploits0References2
OSV
OSV
added 2023/09/27 3:19 p.m.3 views

CVE-2023-43610

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...

8.8CVSS5.8AI score0.00909EPSS
Exploits0References2
Prion
Prion
added 2023/09/27 3:19 p.m.20 views

Sql injection

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...

6.5CVSS8.9AI score0.00909EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/26 8:19 a.m.27 views

CVE-2023-43610

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...

9.2AI score0.00909EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.5 views

PT-2023-30772 · Ncep · Ncep

Name of the Vulnerable Software and Affected Versions: Ncep versions prior to 20230914 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For version...

9.8CVSS9.7AI score0.00534EPSS
Exploits0References4
NVD
NVD
added 2023/08/14 7:15 p.m.18 views

CVE-2023-39292

A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations...

9.8CVSS9.7AI score0.00525EPSS
Exploits0References1
Rows per page
Query Builder