3898 matches found
Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"
Overview: WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains multiple missing authorization vulnerabilities listed below. Missing authorization related to database browsing (CWE-862) - CVE-2021-20865; Missing authorization related to user list obtaining (CWE-862) -...
CVE-2021-43360
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services...
Input validation
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services...
CVE-2021-43360 Sunnet eHRD - Insecure Deserialization
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services...
GoDaddy Breach Widens to Include Reseller Subsidiaries
The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected. The additional affected companies are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. The world’s larges...
Advantech R-SeeNet SQL Injection Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...
Apache Ozone Security Vulnerability
Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. Apache Ozone version 1.2.0 has a security vulnerability that allows an attacker to retrieve token data from the database and use it...
CVE-2021-35534
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...
Security feature bypass
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...
CVE-2021-35534 Insufficient Security Control Vulnerability
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...
Hitachi Energy Relion Access Control Error Vulnerability
Hitachi Energy Relion is used by Hitachi Energy Switzerland to protect, control, measure, and monitor power systems. A security vulnerability exists in the internal database access mechanism of the Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600, which arises from the product'...
PT-2021-20957 · Hitachi Energy · Pwc600 +5
Name of the Vulnerable Software and Affected Versions: Hitachi Energy Relion 670 Series versions 2.0 through 2.2.3.4 Hitachi Energy Relion 670 Series version 2.2.4 Hitachi Energy Relion 670/650 Series versions 2.1 through 2.2.0 Hitachi Energy Relion 670/650 Series version 2.2.4 Hitachi Energy...
PT-2021-23823 · Meddata · Meddata Hbys
Name of the Vulnerable Software and Affected Versions: MedData HBYS versions prior to 1.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
PT-2021-23822 · Unknown · Meddata Hbys
Name of the Vulnerable Software and Affected Versions: MedData HBYS versions prior to 1.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
PT-2021-22653 · Unknown · Ipack Scada
Name of the Vulnerable Software and Affected Versions: Ipack SCADA Software versions prior to 1.1.0 Description: The issue is related to improper handling of parameters, allowing Blind SQL Injection. This can potentially be exploited to extract or modify sensitive data from the database...
Montala ResourceSpace SQL Injection Vulnerability
ResourceSpace is a digital asset management tool that enables users to organize their digital assets. A SQL injection vulnerability exists in pages/editfields/9ajax/addkeyword.php in ResourceSpace. The vulnerability can be exploited by an attacker to execute arbitrary SQL commands via the k...
ChaosDB explained: Azure's Cosmos DB vulnerability walkthrough
This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers...
CVE-2021-40517
Airangel HSMX Gateway devices through 5.2.04 are vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access...
Cross site scripting
Airangel HSMX Gateway devices through 5.2.04 are vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access...