Lucene search

3898 matches found

OSV
added 2023/06/02 4:15 a.m. · 3 views

CVE-2023-29724

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with...

7.8 CVSS · 5.8 AI score · 0.00397 EPSS
Exploits 1 · References 3

CNNVD
added 2023/06/02 12:0 a.m. · 4 views

MoveIT SQL Injection Vulnerability

MoveIT is a state-of-the-art software for robotic arm movement operations from MoveIT. MoveIT has a security vulnerability that originates from the presence of a SQL injection vulnerability. An attacker could use this vulnerability to access the database and perform change or delete operations...

9.8 CVSS · 8.8 AI score · 0.99934 EPSS
Exploits 15 · References 5

Positive Technologies
added 2023/06/02 12:0 a.m. · 7 views

PT-2023-22377 · Unknown · Bt21 X Bts Wallpaper

Name of the Vulnerable Software and Affected Versions: BT21 x BTS Wallpaper app version 12 for Android Description: The issue allows unauthorized applications to request permission to insert data into the database that records user personal preferences. This data is loaded into memory when the...

5.5 CVSS · 7.2 AI score · 0.00366 EPSS
Exploits 1 · References 8

OSV
added 2023/06/01 2:15 a.m. · 2 views

CVE-2023-28713

Plaintext storage of a password exists in CONPROSYS HMI System CHS versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information ...

8.1 CVSS · 7.2 AI score · 0.00431 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2023/06/01 2:15 a.m. · 5 views

CVE-2023-28824

Server-side request forgery vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database...

4.9 CVSS · 5.9 AI score · 0.00641 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2023/06/01 12:0 a.m. · 4 views

PT-2023-22374 · Unknown · Glitter Unicorn Wallpaper

Name of the Vulnerable Software and Affected Versions: Glitter Unicorn Wallpaper app versions 7.0 through 8.0 Description: The issue allows unauthorized apps to request permission to modify data in the database that records user personal preferences. This data is loaded into memory when the app i...

9.1 CVSS · 7.5 AI score · 0.00784 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/06/01 12:0 a.m. · 4 views

PT-2023-22375 · Google · Android

Name of the Vulnerable Software and Affected Versions: Glitter Unicorn Wallpaper app for Android versions 7.0 through 8.0 Description: The issue allows unauthorized applications to inject data into the database that stores user personal preferences, which can be loaded into memory and used when t...

7.5 CVSS · 7.2 AI score · 0.00845 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/05/31 12:0 a.m. · 6 views

PT-2023-3085

The vulnerable software is Progress MOVEit Transfer, which has a SQL injection vulnerability that allows unauthenticated access to the database. This vulnerability affects versions before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1. All versions before...

10 CVSS · 8.7 AI score · 0.99934 EPSS
Exploits 15 · References 180

CNNVD
added 2023/05/26 12:0 a.m. · 4 views

Faculty Evaluation System SQL Injection Vulnerability

Faculty Evaluation System is a faculty evaluation system. A SQL injection vulnerability exists in Faculty Evaluation System, which can be exploited by an attacker to directly manipulate the database by constructing malicious query statements to obtain sensitive information or perform arbitrary...

7.2 CVSS · 7.7 AI score · 0.03307 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/05/23 12:0 a.m. · 2 views

PT-2023-17043 · Unknown · Mobilmen Terminal

Name of the Vulnerable Software and Affected Versions: Mobilmen Terminal Software versions prior to 3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

9.8 CVSS · 9.7 AI score · 0.0062 EPSS
Exploits 0 · References 3

Packet Storm
added 2023/05/23 12:0 a.m. · 285 views

WBiz Desk 1.2 SQL Injection


7.1 AI score
Exploits 0

Vulnrichment
added 2023/05/17 12:0 a.m. · 8 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

7.8 AI score · 0.04312 EPSS
Exploits 5 · References 2

NVD
added 2023/05/16 8:15 p.m. · 15 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

4.3 CVSS · 5 AI score · 0.00402 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/05/16 12:0 a.m. · 8 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

5 AI score · 0.00402 EPSS
Exploits 0 · References 1

CNNVD
added 2023/05/16 12:0 a.m. · 4 views

Sage Group Sage 300 Security Vulnerability

Sage Group Sage 300 is a well-established closed-source Enterprise Resource Planning ERP solution from Sage Group, UK, designed to facilitate ... A security vulnerability exists in Sage Group Sage 300. An attacker can exploit the vulnerability to recover used SQL connection strings and can create...

4.3 CVSS · 5.5 AI score · 0.00402 EPSS
Exploits 0 · References 3

NVD
added 2023/05/12 2:15 p.m. · 58 views

CVE-2023-1934

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...

9.8 CVSS · 9.7 AI score · 0.08079 EPSS
Exploits 3 · References 2

Cvelist
added 2023/05/12 1:18 p.m. · 60 views

CVE-2023-1934

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...

9.8 CVSS · 9.9 AI score · 0.08079 EPSS
Exploits 3 · References 2

CNNVD
added 2023/05/12 12:0 a.m. · 4 views

SDG Technologies PnPSCADA SQL Injection Vulnerability

SDG Technologies PnPSCADA is an automated meter reading solution from SDG Technologies. SDG Technologies PnPSCADA suffers from a SQL injection vulnerability. An attacker exploiting this vulnerability could interact with the underlying database...

9.8 CVSS · 7.6 AI score · 0.08079 EPSS
Exploits 3 · References 6

Packet Storm
added 2023/05/11 12:0 a.m. · 334 views

GaanaGawaana 1.0 SQL Injection


7.1 AI score
Exploits 0

Positive Technologies
added 2023/05/11 12:0 a.m. · 3 views

PT-2023-3010 · Unknown · Conprosys Hmi System

Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions prior to 3.5.3 Description: The issue concerns the storage of passwords in plaintext within the CONPROSYS HMI System. Specifically, account information for the database is saved in a local file without...

8.1 CVSS · 6.8 AI score · 0.00431 EPSS
Exploits 0 · References 7