3898 matches found
PT-2024-34342 · Unknown · Elefant Firebird
Name of the Vulnerable Software and Affected Versions: Elefant Firebird database versions prior to 24.03.03
Description: An unauthenticated attacker with access to the local network of a medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database...
CVE-2023-29119
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php...
RHEL 8 : Satellite 6.15.4.2 Async Update (Important) (RHSA-2024:8719)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8719 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
RHEL 8 : Satellite 6.14.4.3 Async Update (Important) (RHSA-2024:8718)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8718 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
CVE-2024-6479
The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'noofreviews' attribute in the woocommercereviews shortcode in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient...
Important: Red Hat Security Advisory: Satellite 6.14.4.3 Async Update
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat Satellite is a system...
CVE-2024-10440
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
The vulnerability of the SCKU Dome software, related to deficiencies in access control, allows attackers to gain access to the software’s database.
The vulnerability of the SCKU Dome software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to the software’s database...
PT-2024-7516 · Rockwell Automation · Rockwell Automation Thinmanager
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager (affected versions not specified)
Description: An authentication issue exists in the affected product, allowing a threat actor with network access to send crafted messages to the device, potentially resulting in...
CVE-2024-20472
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-20340
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability,...
CVE-2024-20340
The CVE-2024-20340 issue affects Cisco Secure Firewall Management Center (formerly Firepower FMC) web-based management. The vulnerability is an SQL injection caused by insufficient validation of user-supplied input in the FMC web interface, exploitable by an authenticated attacker who has a valid...
CVE-2024-48509
Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain...
SQL Injection Vulnerability in Aifei Flow Control Router of AllConvergence Network Technology (Beijing) Co.
AiFast Flow Control Router is a router product of Quanxun Convergence Network Technology Beijing Co. Ltd. AiFast Flow Control Router has a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...
CVE-2019-25215
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety ...
CVE-2024-48282
A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request...
CVE-2024-9980
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents...
PT-2024-33068 · Unknown · Phpgurukul User Registration & Login/User Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul User Registration & Login and User Management System version 3.2
Description: A SQL Injection issue was found in the /password-recovery.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized...
TAI Smart Factory QPLANT SF SQL Injection Vulnerability
TAI Smart Factory QPLANT SF is a tool for managing and controlling production execution from TAI Smart Factory, Inc. A SQL injection vulnerability exists in TAI Smart Factory QPLANT SF version 1.0, which allows a remote attacker to retrieve all database information by sending a...