3898 matches found
MariaDB Format String Error Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A format string error vulnerability exists in MariaDB due to a format string error in the CONNECT function implementation. A remote user wi...
Fortinet FortiAuthenticator Access Control Error Vulnerability
Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet, Inc. Fortinet FortiAuthenticator is vulnerable to an access control error that could be exploited by an attacker to connect directly to the FAC's database without authentication...
Xmpie Ustore Authorization Issue Vulnerability
Xmpie Ustore is a network printing solution from Xmpie USA. An authorization issue vulnerability exists in XMPie uStore that stems from the product allowing access to the application to steal database information via the included default administrative credentials. The following products and...
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...
Online-Movie-Ticket-Booking-System-In-Php SQL Injection Vulnerability
Online-Movie-Ticket-Booking-System-In-Php is an online movie booking system. Online-Movie-Ticket-Booking-System-In-Php suffers from a SQL injection vulnerability that stems from the about.php file not performing input validation on the id parameter. An attacker can append a SQL query to the input...
CVE-2021-36177
An improper access control vulnerability (CWE-284) in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC's database...
Fortinet FortiAuthenticator Security Vulnerability
Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet, Inc. Fortinet FortiAuthenticator is vulnerable to an access control error that could be exploited by an attacker to connect directly to the FAC's database without authentication...
Vulnerability fixed in McAfee Data Loss Prevention
A vulnerability has been fixed in McAfee Data Loss Prevention (DLP). The vulnerability potentially allows a malicious party to execute code on the ePolicy Orchestrator server (ePO). The malicious party must have access to the DLP database on the ePO server. Through a blind-SQL injection, it is possibl...
CVE-2022-23129
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when...
Sourcecodester Simple College Website SQL Injection Vulnerability
Sourcecodester Simple College Website is a Sourcecodester open source application. A content management system, Sourcecodester Simple College Website is vulnerable to a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attack...
CVE-2021-25037
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database, e.g., usernames and hashed...
ZOHO ManageEngine Desktop Central MSP Information Disclosure Vulnerability
ZOHO ManageEngine Desktop Central MSP is a suite of desktop and mobile device management software for MSPs (Managed Service Providers) from ZOHO USA. The software enables MSPs to remotely manage desktops, servers, and mobile devices in their customer networks, and provides differentiated management...
ZOHO ManageEngine Desktop Central MSP Information Disclosure Vulnerability
ZOHO ManageEngine Desktop Central MSP is a suite of desktop and mobile device management software for MSPs (Managed Service Providers) from ZOHO USA. The software enables MSPs to remotely manage desktops, servers, and mobile devices in their customer networks, and provides differentiated management...
SiPass integrated access control vulnerability (CNVD-2021-100378)
SiPass integrated is an access control system. With the SiPass integrated access control vulnerability, the affected application does not adequately restrict access to the internal active synopsis database. A remote attacker could exploit the vulnerability to read, modify, or delete, among other...
CVE-2021-44523
A vulnerability has been identified in SiPass integrated V2.76 All versions, SiPass integrated V2.80 All versions, SiPass integrated V2.85 All versions, Siveillance Identity V1.5 All versions, Siveillance Identity V1.6 All versions V1.6.284.0. Affected applications insufficiently limit the access...
CVE-2021-20865
CVE-2021-20865 affects the WordPress plugins Advanced Custom Fields (ACF) and Advanced Custom Fields Pro, with vulnerable versions prior to 5.11. The root cause is a missing authorization in the database-browsing pathway, potentially allowing an attacker to access unauthorized data via unspecifie...
CVE-2021-29678
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914...
IBM Db2 Security Vulnerability
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from an Access Control Error vulnerability that originates when a networked system or...