129 matches found

Prion
added 2021/01/19 10:15 a.m., 17 views

Sql injection

HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter online registration to obtain database schema and data...

6.5 CVSS, 9 AI score, 0.01028 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/01/19 10:5 a.m., 21 views

CVE-2021-22852 HGiga OAKloud Portal - SQL injection -2

HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter online registration to obtain database schema and data...

8.8 CVSS, 9.3 AI score, 0.01028 EPSS
Exploits 0, References 2

CVE
added 2021/01/19 10:5 a.m., 43 views

CVE-2021-22852

HGiga EIP product contains a SQL Injection vulnerability disclosed in CVE-2021-22852. The vulnerability affects the product’s online registration URL parameter, allowing attackers to inject SQL commands to access database schema and data. The provided documents confirm the affected component (HGi...

8.8 CVSS, 9.2 AI score, 0.01028 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/01/19 10:5 a.m., 16 views

CVE-2021-22851 HGiga OAKloud Portal - SQL injection -1

HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter document management page to obtain database schema and data...

9.8 CVSS, 10 AI score, 0.01156 EPSS
Exploits 0, References 2

CNNVD
added 2021/01/19 12:0 a.m., 4 views

HGiga EIP SQL Injection Vulnerability

A SQL injection vulnerability exists in HGiga EIP product, which can be exploited by an attacker to obtain database schema and data by injecting SQL commands into specific URL parameters online registration...

8.8 CVSS, 5.9 AI score, 0.01028 EPSS
Exploits 0, References 2

CNNVD
added 2021/01/19 12:0 a.m., 9 views

HGiga EIP SQL Injection Vulnerability

A SQL injection vulnerability exists in HGiga EIP product, which can be exploited by an attacker to inject SQL commands into specific URL parameters document management pages to obtain database schema and data...

9.8 CVSS, 5.9 AI score, 0.01156 EPSS
Exploits 0, References 2

Veracode
added 2020/11/26 2:3 a.m., 8 views

Information Disclosure

datasette-graphql is vulnerable to information disclosure. The vulnerability exists as it does not perform permission checks, allowing private database schema to be revealed...

1.7 AI score
Exploits 0

Hacker One
added 2020/09/20 6:25 p.m., 19 views

LY Corporation: Debugging panel exposure

Vulnerability description not provided...

7.1 AI score
Exploits 0

Check Point Advisories
added 2020/06/05 12:0 a.m., 3 views

Zoho ManageEngine DataSecurity Plus Directory Traversal (CVE-2020-11531)

A directory traversal vulnerability exists in Zoho ManageEngine DataSecurity Plus. The vulnerability is due to lack of validation of the database schema name when handling a DR-SCHEMA-SYNC request in DataEngine Xnode Server application...

6.5 CVSS, 1.9 AI score, 0.13655 EPSS
Exploits 3

0day.today
added 2020/05/09 12:0 a.m., 97 views

ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution. ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities Identifiers...

6.5 CVSS, 0.3 AI score, 0.13655 EPSS
Exploits 3

NVD
added 2020/05/08 9:15 p.m., 27 views

CVE-2020-11531

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

8.8 CVSS, 8.7 AI score, 0.13655 EPSS
Exploits 3, References 3

Prion
added 2020/05/08 9:15 p.m., 24 views

Directory traversal

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

6.5 CVSS, 8.6 AI score, 0.13655 EPSS
Exploits 3, References 3, Affected Software 2

CNVD
added 2020/04/17 12:0 a.m., 2 views

ALLE INFORMATION School Manage System SQL Injection Vulnerability

ALLE INFORMATION School Management System is a school management system from ALLE INFORMATION in Taiwan, China. A SQL injection vulnerability exists in versions of ALLE INFORMATION School Manage System prior to 2020. The vulnerability can be exploited to obtain the database schema and...

9.8 CVSS, 7.9 AI score, 0.01065 EPSS
Exploits 0, References 1

NVD
added 2020/04/15 7:15 a.m., 13 views

CVE-2020-10505

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password...

9.8 CVSS, 9.8 AI score, 0.01065 EPSS
Exploits 0, References 2

OSV
added 2020/03/13 12:32 p.m., 1 views

SUSE-SU-2020:0670-1 Recommended update for SUSE Manager Server 3.2

This update fixes the following issues: spacewalk-setup: - Create AJP connector for tomcat if it does not exist bsc1165927, bsc1166388 How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either...

7.1 AI score
Exploits 0, References 3

CNVD
added 2019/11/27 12:0 a.m., 2 views

Unspecified Vulnerability in Pegasystem PEGA Platform

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real Time Decision Making and CRM Customer Relationship Management. A security vulnerability exists in...

8.1 CVSS, 6.7 AI score, 0.01045 EPSS
Exploits 1, References 1

OSV
added 2019/11/26 6:15 p.m., 4 views

CVE-2019-16386

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=randomharnessid request to get database schema information while using a low-privilege account. NOTE: The vendor states that this...

4.3 CVSS, 5.8 AI score, 0.00783 EPSS
Exploits 1, References 1

NVD
added 2019/11/26 6:15 p.m., 9 views

CVE-2019-16386

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=randomharnessid request to get database schema information while using a low-privilege account. NOTE: The vendor states that this...

4.3 CVSS, 4.5 AI score, 0.00783 EPSS
Exploits 1, References 1

Prion
added 2019/11/26 6:15 p.m., 13 views

Information disclosure

DISPUTED PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=randomharnessid request to get database schema information while using a low-privilege account. NOTE: The vendor states that this...

4 CVSS, 4.6 AI score, 0.00783 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2019/11/26 5:23 p.m., 14 views

CVE-2019-16386

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=randomharnessid request to get database schema information while using a low-privilege account. NOTE: The vendor states that this...

4.5 AI score, 0.00783 EPSS
Exploits 1, References 1