Lucene search

3898 matches found

Cvelist
added 2021/11/10 4:1 p.m. · 18 views

CVE-2021-40517

Airangel HSMX Gateway devices through 5.2.04 are vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access...

AI score 5.5 · EPSS 0.00513
Exploits 1 · References 2

CNNVD
added 2021/11/05 12:0 a.m. · 5 views

PHP Event Calendar SQL injection vulnerability

PHP Event Calendar is an open source AJAX-based multi-user modern event calendar. It is easy to integrate and fully customizable. PHP Event Calendar Lite Edition is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to obtain sensitive database data...

CVSS 10 · AI score 6 · EPSS 0.02433
Exploits 3 · References 4

Cvelist
added 2021/11/01 1:30 p.m. · 17 views

CVE-2020-28702

A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information...

AI score 7.8 · EPSS 0.01059
Exploits 1 · References 1

Positive Technologies
added 2021/11/01 12:0 a.m. · 4 views

PT-2021-11577 · Pybbscms · Pybbscms

Name of the Vulnerable Software and Affected Versions: PybbsCMS version 5.2.1
Description: A SQL injection issue in TopicMapper.xml allows attackers to access sensitive database information.
Recommendations: For PybbsCMS version 5.2.1, update to a version that fixes this issue to prevent SQL...

CVSS 7.5 · AI score 7.8 · EPSS 0.01059
Exploits 1 · References 4

NVD
added 2021/10/22 12:15 p.m. · 16 views

CVE-2021-38459

The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...

CVSS 9.8 · EPSS 0.00951
Exploits 0 · References 1

Positive Technologies
added 2021/10/22 12:0 a.m. · 4 views

PT-2021-22149 · Auvesy · Versiondog

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions.
Description: The issue involves a database connection to a server through a specific API, potentially allowing an unprivileged user to gain SYSDBA permissions. No...

CVSS 9 · AI score 8.7 · EPSS 0.00861
Exploits 0 · References 3

ALT Linux
added 2021/10/20 12:0 a.m. · 66 views

Security fix for the ALT Linux 10 package samba version 4.14.8-alt1

4.14.8-alt1 built Oct. 20, 2021 Evgeny Sinelnikov in task 286522 Oct. 6, 2021 Evgeny Sinelnikov - Update to latest security release of Samba 4.14 - Fix performance regressions in lsaLookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache and address a significant in...

CVSS 4 · AI score 7.6 · EPSS 0.02025
Exploits 0

NVD
added 2021/10/15 12:15 p.m. · 11 views

CVE-2021-42333

The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...

CVSS 8.8 · EPSS 0.01087
Exploits 0 · References 1

Prion
added 2021/10/15 12:15 p.m. · 10 views

SQL injection

The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...

CVSS 6.5 · AI score 9.1 · EPSS 0.01087
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/10/15 12:10 p.m. · 17 views

CVE-2021-42333 Huachu Digital Technology Co.,Ltd. Easytest - SQL Injection-1

The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...

CVSS 8.8 · AI score 9.4 · EPSS 0.01087
Exploits 0 · References 1

CNNVD
added 2021/10/15 12:0 a.m. · 3 views

Easytest SQL injection vulnerability

Easytest is an online learning quiz platform of China's Hua Ju Digital Technology, Inc. Easytest is vulnerable to SQL injection, which can be exploited by attackers to inject SQL commands into the parameters of the learning history page after gaining user privileges to access all databases and ga...

CVSS 8.8 · AI score 5.8 · EPSS 0.01087
Exploits 0 · References 2

CNNVD
added 2021/10/15 12:0 a.m. · 3 views

Aruba ClearPass Policy Manager SQL injection vulnerability

HPE Aruba ClearPass Policy Manager is a Network Access Control (NAC) solution. A SQL injection vulnerability exists in HPE Aruba ClearPass Policy Manager. An attacker could use this vulnerability to obtain and modify sensitive information in the underlying database...

CVSS 7.2 · AI score 5.9 · EPSS 0.01072
Exploits 0 · References 2

OSV
added 2021/10/13 6:15 p.m. · 2 views

CVE-2021-40843

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...

CVSS 7.3 · AI score 6.1 · EPSS 0.00442
Exploits 0 · References 2

CNNVD
added 2021/10/12 12:0 a.m. · 2 views

Siemens SINEC NMS SQL injection vulnerability

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks. A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements in the software. An attacker...

CVSS 7.2 · AI score 6.3 · EPSS 0.27685
Exploits 0 · References 5

CNNVD
added 2021/10/12 12:0 a.m. · 1 views

Siemens SINEC NMS SQL injection vulnerability

SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks. A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements. An attacker could use this...

CVSS 7.2 · AI score 6.3 · EPSS 0.46587
Exploits 0 · References 5

CNNVD
added 2021/10/12 12:0 a.m. · 2 views

Siemens SINEC NMS SQL injection vulnerability

SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks. A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from a lack of validation and escaping of SQL parameter statements. An attacker could use this...

CVSS 7.2 · AI score 6.3 · EPSS 0.27685
Exploits 0 · References 5

CNNVD
added 2021/10/11 12:0 a.m. · 2 views

Open Solutions For Education OpenSis-Classic SQL injection vulnerability

openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in openSIS version 8.0. The vulnerability stems from a lack of validation of input data for the $_GET['usrid'] and $_GET['profid'] parameters in PasswordCheck.php. An attacker can...

CVSS 9.8 · AI score 8.7 · EPSS 0.0108
Exploits 1 · References 2

NVD
added 2021/10/08 4:15 p.m. · 13 views

CVE-2021-41920

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sorcible, sorchamps, and sorordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain...

CVSS 7.5 · EPSS 0.01673
Exploits 1 · References 1

Prion
added 2021/10/08 4:15 p.m. · 10 views

SQL injection

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sorcible, sorchamps, and sorordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain...

CVSS 5 · AI score 8 · EPSS 0.01673
Exploits 1 · References 1 · Affected Software 1

OSV
added 2021/10/06 5:15 p.m. · 1 views

CVE-2021-29798

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734...

CVSS 9.8 · AI score 6.8
Exploits 0 · References 2