CVE-2022-26856
Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...
Improper access control
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...
DELL EMC Repository Manager Security Vulnerability
Dell EMC is a repository manager. A plain-text password storage vulnerability exists in Dell EMC. A local attacker could exploit this vulnerability to cause the disclosure of certain user credentials. An attacker could use this vulnerability to use publicly available credentials to...
Attendance and Payroll System SQL Injection Vulnerability
Attendance and Payroll System is a PHP/MySQLi attendance and payroll system, distributed as source code, by the individual developer oretnom23. A SQL injection vulnerability exists in Attendance and Payroll System, which can be exploited by remote attackers to submit special SQL requests to manipulate the database, whic...
ASUS RT-AX56U SQL Injection Vulnerability
The ASUS RT-AX56U is a wireless router from ASUS of Taiwan, China. A security vulnerability exists in the ASUS RT-AX56U, which can be exploited by an attacker to inject arbitrary SQL code to read, modify, and delete databases...
PT-2022-18162 · Unknown · Impresscms
Name of the Vulnerable Software and Affected Versions: ImpressCMS versions 1.4.3 and earlier. Description: The issue allows remote attackers to inject code in an unintended way, enabling them to read and modify sensitive information from the database used by the application. If the system is...
ImpressCMS SQL Injection Vulnerability
A SQL injection vulnerability exists in ImpressCMS, a MySQL database-driven, modular content management system, which can be exploited by attackers to read and modify sensitive information from the database used by the application...
CVE-2021-32953
An attacker could utilize SQL commands to create a new user in MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to log in...
CVE-2022-23183
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission...
CVE-2022-23183
CVE-2022-23183 affects WordPress plugin Advanced Custom Fields (ACF) and Advanced Custom Fields Pro, with versions prior to 5.12.1 vulnerable to missing authorization. A remote authenticated attacker could view database information without proper permissions. Root cause: insufficient access contr...
Advanced Custom Fields < 5.12.1 - Contributor+ Database Information Access
The plugin does not have proper authorisation which could allow users with a role as low as contributor to view information on the database without the access permission...
WordPress Advanced Custom Fields plugin <= 5.12 - Database Information Access vulnerability
A Database Information Access vulnerability was discovered by Keitaro Yamazaki (Ierae Security Inc) in the WordPress Advanced Custom Fields plugin (versions <= 5.12). Solution: Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 5.12.1)...
JVN#42543427: WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization
WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains a missing authorization vulnerability (CWE-862). Impact: Users of this product (Editor, Author, Contributor) may view the information on the database without the access permission. Solution: Update the plugin. Update the...
CVE-2022-26013
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAEdmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26338
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPagePKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26349 Delta Electronics DIAEnergie SQL Injection in DIAE_eccoefficientHandler.ashx
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26069 Delta Electronics DIAEnergie SQL Injection in HandlerPage_KID.ashx
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-0981
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended...