CVE-2023-4538 Shared Key in Comarch ERP XL
The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL...
CVE-2023-4538
CVE-2023-4538 affects ERP XL (2020.2.2–2023.2). The vulnerability arises from database access credentials stored in a dedicated table, encrypted with a shared key identical across all ERP XL clients; a person with access to that table could retrieve plaintext passwords. Connected documents corrob...
Siemens SINEC NMS SQL Injection Vulnerability
SINEC NMS is a new generation network management system NMS for digital enterprises. Siemens SINEC NMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL queries on the server database...
Microsoft WDAC OLE DB provider for SQL Security Vulnerability
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft WDAC OLE DB provider for SQL. The following products and versions are affected: Windows 10 Version 22H2...
The vulnerability of the php-scrm/login.php component of the Simple Customer Relationship Management System web application, which allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the php-scrm/login.php component in the Simple Customer Relationship Management System web application is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries against the databa...
The vulnerability of the NEXO-OS operating system in the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner tools used in production lines allows an intruder to gain unauthorized access to the database.
The vulnerability of the NEXO-OS operating system for tools used in production line assembly work, such as the Bosch Nexo cordless nutrunner and the Bosch Nexo special cordless nutrunner, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability ca...
CVE-2024-22432
Networker 19.9 and all prior versions contain a plain-text password stored in a temporary config file for the duration of NMDA MySQL Database backups. A user with low-privilege access to the Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configure...
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in the ability to disclose information in the error-prone data area, allowing an intruder to gain unauthorized access to the database.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to the disclosure of information in the error-prone data area. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized acces...
CVE-2023-38738
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. If OpenPages is using Native authentication, an attacker with access to the OpenPages database could, through a series of specially crafted steps, exploit...
CVE-2023-20271
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of...
SQL injection
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', a...
dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS)
A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL data providers, where an attacker can perform an adversary-in-the-middle (AiTM) attack between the SQL client and the SQL server. This may allow the attacker to stea...
CVE-2023-48259
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request...
MCMS SQL Injection Vulnerability in Jiangxi Minsoft Technology Co.
MCMS is a complete open-source J2EE system from Jiangxi MingSoft Technology Co., Ltd. MCMS v5.2.9 contains an SQL injection vulnerability: the categoryType parameter of /content/list.do lacks validation of external input used in SQL statements, which an attacker can use to...
CVE-2023-49622
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the materialbill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database...
PT-2023-30182
Name of the Vulnerable Software and Affected Versions: GM Information Technologies MDO versions through 20231229 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. The...
PT-2023-31684 · Stylemixthemes · Stylemixthemes Booking Calendar
Name of the Vulnerable Software and Affected Versions: StylemixThemes Booking Calendar | Appointment Booking | BookIt versions n/a through 2.4.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allo...
PT-2023-31688 · WordPress · Funnelkit Funnel Builder
Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder for WordPress versions through 2.14.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitati...
PT-2023-31884 · WordPress · Unofficial Mobile Bankid Integration For Wordpress
Name of the Vulnerable Software and Affected Versions: Unofficial Mobile BankID Integration for WordPress versions prior to 1.0.1 Description: The issue is related to a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database...