96 matches found
Sql injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerTagKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
Sql injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerDialogKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
Sql injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEloopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26349 Delta Electronics DIAEnergie SQL Injection in DIAE_eccoefficientHandler.ashx
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in DIAEeccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
Online Resort Management System 1.0 SQL Injection
Exploit Title: Online Resort Management System 1.0 - SQLi Authenticated Date: 15/01/2022 Exploit Author: Gaurav Grover Vendor Homepage: Software Link: Version: 1.0 Tested on: Linux and windows both Summary: There are a vulnerabilities in Online Resort Management System ORMS 1. The attacker can...
Sourcecodester Online Shopping Alphaware SQL Injection Vulnerability (CNVD-2021-95931)
Sourcecodester Online Shopping Alphaware is a Buffalo company Sourcecodester open source an online shopping system application . Sourcecodester Online Shopping Alphaware version 1.0 has a SQL injection vulnerability that can be exploited by an attacker to inject an executable SQL statement to...
Sourcecodester Online Shopping Alphaware SQL Injection Vulnerability
Sourcecodester Online Shopping Alphaware is an open source application from Buffalo Sourcecodester. An online shopping system . Sourcecodester Online Shopping Alphaware 1.0 suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve all databases...
Sql injection
The id paramater in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases...
Sql injection
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases...
CVE-2020-36003
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases...
CVE-2020-14207
The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filterdiver parameter...
CVE-2020-14207
The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filterdiver parameter...
Sql injection
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket...
CVE-2020-13993
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket...
CVE-2020-8967
There is an improper Neutralization of Special Elements used in an SQL Command SQL Injection vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information...
CVE-2020-12687
An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...
CVE-2020-9423
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...
CVE-2020-9423
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...
Stack overflow
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can...
CVE-2018-3906
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack...