PT-2024-19945 · Hcl · Hcl Dryice Optibot Reset Station
Name of the Vulnerable Software and Affected Versions: HCL DRYiCE Optibot Reset Station (affected versions not specified). Description: The issue concerns insecure encryption of security questions in the HCL DRYiCE Optibot Reset Station. This could potentially allow an attacker with access to the...
CVE-2024-35182
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
CVE-2024-35182 GHSL-2024-014 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
CVE-2024-35182
Meshery has a SQL injection vulnerability in the GetAllEvents path under /api/v2/events due to unsanitized sort query handling in events_streamer.go, allowing stacked queries and ATTACH DATABASE usage to write arbitrary files and access/modify database-stored data (e.g., performance pr...
silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted through these form fields are not filtered out from the form session data...
CVE-2023-46807
An SQL Injection vulnerability in a web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database...
CVE-2023-46806
An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database...
CVE-2023-46807
CVE-2023-46807 describes an SQL Injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) web component. Affected: EPMM versions prior to 12.1.0.0. Vulnerability condition: authenticated user with appropriate privileges can access or modify data in the underlying database due to a flaw in ...
CVE-2023-46806
Summary: CVE-2023-46806 is an SQL Injection vulnerability in Ivanti EPMM (Endpoint Manager Mobile) reported to affect versions prior to 12.1.0.0. The flaw exists in a web component and can be triggered by an authenticated user with appropriate privileges to read or modify data in the underlying ...
MTab Bookmark Security Vulnerability
MTab Bookmark is a simple and powerful navigation site from MTab Inc. that allows you to quickly add your favorite websites to your bookmarks. A security vulnerability exists in MTab Bookmark version 1.9.5, which originates from a...
PHP Shopping Cart SQL Injection Vulnerability
PHP Shopping Cart is an open source shopping cart system by Phpjabbers. PHP Shopping Cart version 0.9 has a SQL injection vulnerability that allows an attacker to retrieve all information stored in the database by sending a...
CVE-2024-32053
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a PowerPanel business application...
CVE-2022-28132
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication...
T-Soft E-Commerce Security Vulnerability
T-Soft E-Commerce is an e-commerce software from T-Soft. A security vulnerability exists in T-Soft E-Commerce 4. An attacker can exploit the vulnerability to access and manipulate the database via specially crafted requests...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33152)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the fileid parameter of the /filemanage/filememo.aspx file against external SQL input. An attacker can exploit this vulnerability t...
IBM Cognos Controller SQL Injection Vulnerability
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. An SQL injection vulnerability exists in IBM Cognos...
PT-2024-8596 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 November Security Update; Ivanti Endpoint Manager versions prior to 2022 SU6 November Security Update. Description: The issue is related to a lack of protection against SQL query structure...