3898 matches found
VOTAB Voting Quiz PHP Script 1.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
CVE-2023-26203
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands...
CVE-2023-26203
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands...
Hardcoded credentials
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands...
CVE-2023-26203
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands...
CVE-2023-26203
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands...
CVE-2023-26203
Fortinet CVE-2023-26203 concerns a hard-coded credentials vulnerability (CWE-798) in FortiNAC-F 7.2.0 and FortiNAC 9.4.2 and earlier, 9.2 and earlier, 9.1 and earlier, 8.8 and earlier, 8.7 and earlier. An authenticated attacker could access the database via shell commands due to the credential ha...
Fortinet FortiNAC 信任管理问题漏洞
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from the use of hard-coded credentials that could allow an...
Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2
Summary A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the Alerts controller, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Impact Authenticated users can extract arbitrary...
Chitor CMS 1.1.2 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
CVE-2022-38583
On versions of Sage 300 2017 - 2022 6.4.x - 6.9.x which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the...
CVE-2023-29257
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011...
DEBIAN-CVE-2021-23186
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system...
Chitor CMS 1.1.2 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
PT-2023-19177 · Joomla · Visforms Base Package For Joomla
Name of the Vulnerable Software and Affected Versions: Visforms Base Package for Joomla 3 affected versions not specified Description: The issue allows an attacker to interact with the database, potentially enabling them to read, modify, and delete data, due to the use of concatenation in...
8x8: Credential leak on GitHub: https://github.com/█/█/ (Peoplesoft CRM)
Credentials for a database associated with Peoplesoft CRM were leaked on GitHub. The leak was reported and the repository containing the credentials was taken down. The credentials were associated with a database that is no longer in use...
Archery SQL注入漏洞
Archery is an open source vulnerability assessment and management tool. Archery suffers from a SQL injection vulnerability that stems from the inclusion of multiple SQL injection vulnerabilities that could allow an attacker to query a connected database...