3898 matches found

Positive Technologies
added 2023/02/27 12:00 a.m. · 5 views

PT-2023-19479 · Davinci · Davinci

Name of the Vulnerable Software and Affected Versions: Davinci version 0.3.0-rc
Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the copyDisplay function.
Recommendations: For Davinci version 0.3.0-rc, consider disabling the copyDisplay...

9.8 CVSS · 9.4 AI score · 0.00741 EPSS
Exploits 1 · References 5

BDU FSTEC
added 2023/02/21 12:00 a.m. · 4 views

The vulnerability of the SICAM TOOLBOX II engineering software lies in the insufficient protection of the data transfer control protocol, allowing attackers to bypass access controls in the database service.

The vulnerability of the SICAM TOOLBOX II engineering software is related to insufficient protection of the data transfer control protocol. Exploiting this vulnerability can allow a malicious actor to gain access to the database using the 1522 TCP port...

9.9 CVSS · 6.5 AI score · 0.00665 EPSS
Exploits 0 · References 6

OSV
added 2023/02/16 7:15 p.m. · 2 views

CVE-2022-40678

An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords...

7.8 CVSS · 5.8 AI score · 0.00142 EPSS
Exploits 0 · References 1

CVE
added 2023/02/16 6:06 p.m. · 42 views

CVE-2022-40678

CVE-2022-40678 concerns Fortinet FortiNAC where credentials are insufficiently protected. A local attacker with database access may recover user passwords in FortiNAC versions 9.4.0, 9.2.0–9.2.5, 9.1.0–9.1.7, 8.8.0–8.8.11, 8.7.0–8.7.6, 8.6.0–8.6.5, 8.5.0–8.5.4, 8.3.7. The issue is rooted in inade...

7.8 CVSS · 7.3 AI score · 0.00142 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/02/16 6:06 p.m. · 27 views

CVE-2022-40678

An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords...

7.4 CVSS · 7.6 AI score · 0.00142 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/02/16 6:06 p.m. · 12 views

CVE-2022-40678

An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords...

7.4 CVSS · 6.6 AI score · 0.00142 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/02/16 12:00 a.m. · 5 views

PT-2023-2200 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0
Description: The issue is related to insufficient protection of registratio...

7.8 CVSS · 7.2 AI score · 0.00142 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:45 a.m. · 4 views

SUSE CVE-2012-3441

The database creation script module/idoutils/db/scripts/createmysqldb.sh in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors...

7.5 CVSS · 6.8 AI score · 0.02409 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:13 a.m. · 3 views

SUSE CVE-2019-10784

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to vis...

9.6 CVSS · 9.5 AI score · 0.0364 EPSS
Exploits 1 · References 4

Vulnrichment
added 2023/02/14 3:06 a.m. · 4 views

CVE-2023-0019

In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...

6.5 CVSS · 6.3 AI score · 0.00534 EPSS
Exploits 0 · References 2

CNNVD
added 2023/02/14 12:00 a.m. · 10 views

Microsoft WDAC OLE DB provider for SQL security vulnerability

Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft WDAC OLE DB provider for SQL. The following products and editions are affected: Windows Server 2008 for...

8.8 CVSS · 8.4 AI score · 0.01206 EPSS
Exploits 0 · References 4

OSV
added 2023/02/11 1:23 a.m. · 3 views

CVE-2022-34388

Dell SupportAssist for Home PCs version 3.11.4 and prior and SupportAssist for Business PCs version 3.2.0 and prior contain an information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of...

7.1 CVSS · 5.8 AI score · 0.0016 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/02/08 12:00 a.m. · 4 views

PT-2023-1843 · B&R · B&R Aprol

Name of the Vulnerable Software and Affected Versions: B&R APROL versions prior to R 4.2-07
Description: The issue is related to missing authentication when creating and managing the B&R APROL database, allowing unauthorized reading and modification of system configuration. This can be exploited...

9.7 CVSS · 7.5 AI score · 0.00551 EPSS
Exploits 0 · References 4

Vulnrichment
added 2023/02/06 7:35 p.m. · 7 views

CVE-2023-23944 Nextcloud Mail app temporarily stores cleartext password in database

Nextcloud Mail is an email app for the Nextcloud home server platform. In versions prior to 2.2.2, users' passwords were stored in cleartext in the database for the duration of the OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...

2 CVSS · 5.3 AI score · 0.00475 EPSS
Exploits 0 · References 3

CNNVD
added 2023/02/06 12:00 a.m. · 8 views

Nextcloud security vulnerability

An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2...

6.5 CVSS · 5.9 AI score · 0.00475 EPSS
Exploits 0 · References 4

CNVD
added 2023/02/01 12:00 a.m. · 3 views

SQL Injection Vulnerability in Language Play APP of Guiyang Language Play Technology Co., Ltd.

Language Play App is voice social chat software. The Language Play APP suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

7.5 AI score
Exploits 0

Packet Storm
added 2023/02/01 12:00 a.m. · 215 views

eCommerce Marketplace Platform CMS 1.7 SQL Injection

0.6 AI score
Exploits 0

CNNVD
added 2023/02/01 12:00 a.m. · 7 views

Schneider Electric Easy UPS Online Monitoring Software trust management issue vulnerability

Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from Schneider Electric France. Schneider Electric Easy UPS Online Monitoring Software suffers from a trust management issue vulnerability that stems from a use of hard-coded credentials vulnerability that could...

7.8 CVSS · 7.4 AI score · 0.00163 EPSS
Exploits 0 · References 2

Prion
added 2023/01/31 8:15 a.m. · 13 views

SQL injection

Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database...

7.5 CVSS · 9.8 AI score · 0.01026 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/01/31 12:00 a.m. · 6 views

CVE-2023-22900 Thinking Software Technology Co., Ltd. Efence - SQL Injection

Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database...

9.8 CVSS · 9.9 AI score · 0.01026 EPSS
Exploits 0 · References 1