Lucene search
K

3908 matches found

Prion
Prion
added 2023/12/14 5:15 p.m.26 views

Design/Logic Flaw

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync //gettingstarted request contains a connection string for privileged SQL Server database access, and xpcmdshell can be enabled...

7.5CVSS8.7AI score0.01527EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/12/14 12:0 a.m.37 views

CVE-2023-47261

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync //gettingstarted request contains a connection string for privileged SQL Server database access, and xpcmdshell can be enabled...

10AI score0.01527EPSS
Exploits1References2
0day.today
0day.today
added 2023/12/08 12:0 a.m.427 views

osCommerce 4 SQL Injection Vulnerability

Exploit Title: osCommerce 4 - SQL Injection Exploit Author: CraCkEr Date: 22/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/b2b-supermarket/ Tested on: Windows 11 Home Impact: Database...

9.8CVSS9.7AI score0.23846EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/12/08 12:0 a.m.342 views

osCommerce 4 SQL Injection

Exploit Title: osCommerce 4 - SQL Injection Exploit Author: CraCkEr Date: 22/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/b2b-supermarket/ Tested on: Windows 11 Home Impact: Database...

9.8CVSS7.4AI score0.23846EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2023/11/29 2:20 p.m.4 views

postgresql: extension script @substitutions@ within quoting allow SQL injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

8.8CVSS7.8AI score0.01572EPSS
Exploits0References5
Prion
Prion
added 2023/11/28 9:15 p.m.29 views

Information disclosure

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...

4.6CVSS6.8AI score0.00274EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.4 views

PT-2023-22122 · Unknown · Facschorus

Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, whi...

4.3CVSS4.4AI score0.00274EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/11/27 10:22 a.m.4 views

CVE-2023-40610 Apache Superset: Privilege escalation with default examples database

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

6.3CVSS8.9AI score0.01335EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/23 12:0 a.m.5 views

Artica Pandora FMS Path Traversal Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A path traversal vulnerability exists in Artica Pandora FMS versions 700 through 773, which stems from a path traversal in...

9.8CVSS6.8AI score0.00573EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.8 views

PT-2023-31571

Name of the Vulnerable Software and Affected Versions DRDrive versions prior to 20231006 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations For version...

9.8CVSS7.4AI score0.00713EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/11/20 12:0 a.m.4 views

LuxSoft LuxCal Web Calendar Security Vulnerability

LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A security vulnerability exists in LuxSoft LuxCal Web Calendar versions prior to 5.2.4M and prior to 5.2.4L, which stems from the presence of a SQL injection vulnerability. An attack...

9.8CVSS8.2AI score0.0103EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/11/17 12:0 a.m.5 views

The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, stems from the lack of protective measures for the SQL query structure. This allows attackers to execute arbitrary SQL queries against the database.

The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries against the database remotely...

10CVSS8.2AI score0.28783EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/11/15 9:15 p.m.16 views

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

5.5CVSS0.00694EPSS
Exploits1References2
NVD
NVD
added 2023/11/14 11:15 a.m.28 views

CVE-2023-46601

A vulnerability has been identified in COMOS All versions. The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to...

9.6CVSS0.00521EPSS
Exploits0References1
Prion
Prion
added 2023/11/14 11:15 a.m.20 views

Design/Logic Flaw

A vulnerability has been identified in COMOS All versions. The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to...

5CVSS6.7AI score0.00521EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/14 5:5 a.m.2 views

OSS Calendar vulnerable to SQL injection

Overview OSS Calendar provided by Thinkingreed Inc. contains an SQL injection vulnerability CWE-89. Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

8.8CVSS8.1AI score0.01089EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.8 views

EMSigner OSS Calendar Security Vulnerability

EMSigner OSS Calendar is a calendar application from EMSigner Japan. A security vulnerability exists in EMSigner OSS Calendar prior to version v.2.0.3, which stems from the presence of a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request...

8.8CVSS8.2AI score0.01089EPSS
Exploits0References4
Veracode
Veracode
added 2023/11/13 10:35 a.m.14 views

SQL Injection

Piccolo is vulnerable to SQL Injection. The vulnerability is caused by a lack of user input validation while executing SQL statements. The input passed to connection.execute is not properly escaped. An attacker can exploit this vulnerability to obtain direct access to the database and has the...

9.1CVSS7.4AI score0.00776EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/13 12:0 a.m.10 views

PT-2023-6888 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache versions prior to 1.2.2 Description: The issue is related to the WP Fastest Cache WordPress plugin, which does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection...

10CVSS8AI score0.73708EPSS
Exploits11References21
Positive Technologies
Positive Technologies
added 2023/11/13 12:0 a.m.4 views

PT-2023-30515 · Unknown · Oss Calendar

Name of the Vulnerable Software and Affected Versions: OSS Calendar versions prior to 2.0.3 Description: The issue allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request. This can be...

8.8CVSS8.8AI score0.01089EPSS
Exploits0References6
Rows per page
Query Builder