87 matches found

Vulnrichment
added 2025/12/09 12:0 a.m. · 3 views

CVE-2025-63740

SQL injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0, allowing attackers to gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the actstr parameter...

7.8 AI score · 0.00202 EPSS
Exploits 1 · References 1

Cvelist
added 2025/12/09 12:0 a.m. · 22 views

CVE-2025-63740

SQL injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0, allowing attackers to gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the actstr parameter...

0.00202 EPSS
Exploits 1 · References 1

CVE
added 2025/12/09 12:0 a.m. · 12 views

CVE-2025-63742

Xinhu Rainrock RockOA 2.7.0 is identified as vulnerable to a SQL injection in function setwxqyAction of webmain/task/api/loginAction.php, exploitable via the shouji and userid parameters. The issue could reveal administrator accounts, password hashes, database structure, and other sensitive data....

9.8 CVSS · 7.8 AI score · 0.00343 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2025/11/10 12:0 a.m. · 7 views

Parse Server Security Vulnerability

Parse Server is an open source backend for Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 8.5.0-alpha.5, which stems from allowing any client to execute an explain query without a master...

6.9 CVSS · 6.4 AI score · 0.00364 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-9574

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.01334 EPSS
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2016-3636

Malware in sbrugna...

5.4 CVSS · 6.2 AI score · 0.02468 EPSS
Exploits 0 · References 16

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2008-0203

Malware in sbrugna...

5 CVSS · 6.2 AI score · 0.02576 EPSS
Exploits 0 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2014-4871

Malware in sbrugna...

3.5 CVSS · 9.2 AI score · 0.0145 EPSS
Exploits 0 · References 5

CVE
added 2025/08/04 12:0 a.m. · 23 views

CVE-2025-54554

CVE-2025-54554 affects Tera Insights tiCrypt (tiaudit component) prior to 2025-07-17. The vulnerability allows unauthenticated REST API requests that disclose sensitive information about underlying SQL queries and database structure. Reported across multiple feeds (Red Hat, PT Security, CVE lists...

5.3 CVSS · 6.8 AI score · 0.0033 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/08/04 12:0 a.m. · 7 views

CVE-2025-54554

tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure...

5.3 CVSS · 7.4 AI score · 0.0033 EPSS
Exploits 0 · References 2

OSV
added 2024/04/19 6:15 a.m. · 2 views

CVE-2024-29968

An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access...

6.5 CVSS · 5.8 AI score · 0.00463 EPSS
Exploits 0 · References 1

CVE
added 2024/04/19 5:17 a.m. · 52 views

CVE-2024-29968

CVE-2024-29968 is a vulnerability in Brocade SANnav prior to 2.3.1 and 2.3.0a where, when configured in disaster recovery mode, DR standby data is collected in Supportsave. This information disclosure could allow authenticated users to access the database structure and contents (SQL table/column ...

7.7 CVSS · 7.3 AI score · 0.00463 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/04/19 12:0 a.m. · 2 views

Broadcom Brocade SANnav Security Vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a that stems from an information disclosure vulnerability in Brocade SANnav when the Brocade SANnav instance is configured in disaster...

7.7 CVSS · 8.7 AI score · 0.00463 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/04/17 12:0 a.m. · 2 views

PT-2024-4305 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1; Brocade SANnav version 2.3.0a. Description: An information disclosure issue exists in Brocade SANnav when instances are configured in disaster recovery mode, allowing authenticated users to access the...

7.7 CVSS · 7.3 AI score · 0.00463 EPSS
Exploits 0 · References 8

Broadcom
added 2024/04/17 12:0 a.m. · 19 views

SQL Table names, column names, and SQL queries are collected in DR standby Supportsave (CVE-2024-29968)

An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access...

7.7 CVSS · 6.7 AI score · 0.00463 EPSS
Exploits 0 · Affected Software 1

CNVD
added 2022/09/07 12:0 a.m. · 23 views

Apache IoTDB Access Control Error Vulnerability

Apache IoTDB is an integrated data management engine designed for time series data from the Apache Foundation that provides data collection, storage, and analysis services, among other things. Apache IoTDB version 0.13.0 contains an access control error vulnerability that stems from the inclusion ...

7.5 CVSS · 3.8 AI score · 0.01105 EPSS
Exploits 0 · References 1

PyPA
added 2022/09/05 10:15 a.m. · 6 views

PYSEC-2022-43070

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1, which addresses this issue...

7.5 CVSS · 7 AI score · 0.01105 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/05/17 5:12 a.m. · 16 views

GHSA-R3PQ-MP8V-CP33 phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page

Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link...

3.5 CVSS · 5.9 AI score · 0.01449 EPSS
Exploits 1 · References 3

Github Security Blog
added 2022/05/17 5:12 a.m. · 20 views

phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page

Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link...

3.5 CVSS · 5.5 AI score · 0.01449 EPSS
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2021/05/18 10:25 a.m. · 18 views

CVE-2021-31827

In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server...

9 AI score · 0.01213 EPSS
Exploits 1 · References 3