Delivery Controller fails to connect to local SQL Express database
Migrating databases for existing site from a full SQL server to a SQL Express instance running in the same VM as one of the Delivery Controllers causes the controller hosting the SQL Express not to be able to connect to the database, even after the correct machine account permissions and login...
PT-2023-5207 · Fortinet · Fortitester
Name of the Vulnerable Software and Affected Versions: FortiTester versions 2.3.0 through 7.2.3 Description: A cleartext storage of sensitive information issue may allow an attacker with access to the database contents to retrieve the plaintext password of external servers configured in the devic...
The vulnerability of the Web interface for managing Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition systems allows a perpetrator to gain access to read or modify data in the database.
The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME web interfaces is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker to gain read or...
CVE-2023-3264
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...
CVE-2023-3262
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...
PT-2023-26143 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.2 Description: The issue is a SQL injection vulnerability. This means that an attacker could potentially inject malicious SQL code into the database, allowing them to access or modify sensitive data. Recommendations: Fo...
CVE-2023-39954 user_oidc app stores client secret unencrypted in database
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc...
PT-2023-27171 · User Oidc +1 · User Oidc +1
Name of the Vulnerable Software and Affected Versions: user oidc versions 1.0.0 through 1.3.2 Description: The issue affects the user oidc module, which provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. An attacker with at least read access to a snapshot of the...
CVE-2023-22378
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...
PT-2023-26716
Name of the Vulnerable Software and Affected Versions: mAyaNet E-Commerce Software versions prior to 1.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
WordPress adivaha Travel Plugin 2.3 - SQL Injection Vulnerability
Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection Exploit Author: CraCkEr Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/ Version: 2.3...
SEMCMS SQL Injection Vulnerability (CNVD-2023-62957)
SEMCMS is a foreign trade web content management system CMS that supports multiple languages. SEMCMS version 1.5 suffers from a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in the parameter id of /AntSuxin.php, which can be exploited b...
PT-2023-24314 · Suprema · Suprema Biostar 2
Name of the Vulnerable Software and Affected Versions: Suprema BioStar 2 versions prior to 2.9.1 Description: A SQL injection issue exists, allowing authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands. Recommendations: For Suprema BioSta...
PT-2023-20634 · Unknown · Cacheservice
Name of the Vulnerable Software and Affected Versions: Cacheservice affected versions not specified Description: The issue arises from the Cacheservice not correctly checking if relative cache objects point to the defined absolute location when accessing resources. This allows an attacker with...
PT-2023-4125 · Zkteco · Zkteco Bioaccess Ivs
Name of the Vulnerable Software and Affected Versions: ZKTeco BioAccess IVS version 3.3.1 Description: The issue is related to a lack of protection for the SQL query structure, which can be exploited to execute arbitrary SQL code. This can be done remotely. Recommendations: For ZKTeco BioAccess I...
ChainCity Real Estate Investment Platform 1.0 SQL Injection
Exploit Title: ChainCity Real Estate Investment Platform 1.0 - SQL Injection Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://script.bugfinder.net/chaincity/ Tested on: Windows 10 Pro Impact: Database Access Description SQL...
PT-2023-22340
Name of the Vulnerable Software and Affected Versions: Oliva Expertise EKS versions prior to 1.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
QuickQR 6.3.7 SQL Injection
QuickJob 6.1 SQL Injection
QuickVCard 2.1 SQL Injection