Lucene search
+L

96 matches found

Prion
Prion
added 2022/03/29 5:15 p.m.13 views

Sql injection

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerTagKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

10CVSS9.7AI score0.01172EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/03/29 5:15 p.m.18 views

Sql injection

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerDialogKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

7.5CVSS9.7AI score0.01004EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/03/29 5:15 p.m.19 views

Sql injection

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEloopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

10CVSS9.7AI score0.09505EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/29 4:37 p.m.17 views

CVE-2022-26349 Delta Electronics DIAEnergie SQL Injection in DIAE_eccoefficientHandler.ashx

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in DIAEeccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

9.8CVSS9.9AI score0.01172EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2022/01/18 12:0 a.m.263 views

Online Resort Management System 1.0 SQL Injection

Exploit Title: Online Resort Management System 1.0 - SQLi Authenticated Date: 15/01/2022 Exploit Author: Gaurav Grover Vendor Homepage: Software Link: Version: 1.0 Tested on: Linux and windows both Summary: There are a vulnerabilities in Online Resort Management System ORMS 1. The attacker can...

0.2AI score
Exploits0
CNVD
CNVD
added 2021/06/04 12:0 a.m.4 views

Sourcecodester Online Shopping Alphaware SQL Injection Vulnerability (CNVD-2021-95931)

Sourcecodester Online Shopping Alphaware is a Buffalo company Sourcecodester open source an online shopping system application . Sourcecodester Online Shopping Alphaware version 1.0 has a SQL injection vulnerability that can be exploited by an attacker to inject an executable SQL statement to...

7.5CVSS7.7AI score0.02051EPSS
Exploits1References1
CNVD
CNVD
added 2021/06/04 12:0 a.m.8 views

Sourcecodester Online Shopping Alphaware SQL Injection Vulnerability

Sourcecodester Online Shopping Alphaware is an open source application from Buffalo Sourcecodester. An online shopping system . Sourcecodester Online Shopping Alphaware 1.0 suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve all databases...

7.5CVSS7.7AI score0.02051EPSS
Exploits1References1
Prion
Prion
added 2021/06/02 5:15 p.m.12 views

Sql injection

The id paramater in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases...

5CVSS7.8AI score0.02051EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/02/17 3:15 p.m.14 views

Sql injection

The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases...

5CVSS7.7AI score0.01494EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/02/17 2:32 p.m.20 views

CVE-2020-36003

The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases...

7.7AI score0.01494EPSS
Exploits1References3
NVD
NVD
added 2020/12/08 8:15 p.m.22 views

CVE-2020-14207

The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filterdiver parameter...

5.3CVSS5.8AI score0.01422EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/12/08 7:50 p.m.24 views

CVE-2020-14207

The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filterdiver parameter...

5.8AI score0.01422EPSS
Exploits1References2
Prion
Prion
added 2020/07/09 3:15 p.m.15 views

Sql injection

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket...

5CVSS7.9AI score0.02054EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/07/09 2:51 p.m.25 views

CVE-2020-13993

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket...

7.9AI score0.02054EPSS
Exploits1References1
NVD
NVD
added 2020/06/01 2:15 p.m.20 views

CVE-2020-8967

There is an improper Neutralization of Special Elements used in an SQL Command SQL Injection vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information...

10CVSS9.7AI score0.01034EPSS
Exploits0References1
OSV
OSV
added 2020/05/07 4:15 p.m.23 views

CVE-2020-12687

An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...

6.5CVSS6.6AI score
Exploits0References2
NVD
NVD
added 2020/03/18 10:15 p.m.17 views

CVE-2020-9423

LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...

10CVSS8.1AI score0.04885EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/03/18 9:4 p.m.28 views

CVE-2020-9423

LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...

9.1AI score0.04885EPSS
Exploits1References1
Prion
Prion
added 2018/09/21 3:29 p.m.19 views

Stack overflow

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can...

7.2CVSS7.3AI score0.00398EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2018/09/21 3:29 p.m.31 views

CVE-2018-3906

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack...

8.2CVSS7.8AI score0.0041EPSS
Exploits2References1
Rows per page
Query Builder