
3898 matches found

Cvelist
added 2021/10/06 5:10 p.m. | 16 views

CVE-2021-29903

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506...

CVSS 6.3 | AI score 9.3 | EPSS 0.01097
Exploits: 0 | References: 2

CNNVD
added 2021/10/04 12:0 a.m. | 3 views

Hotel-Mgmt-System SQL Injection Vulnerability

Hotel-Mgmt-System is a hotel management system. A SQL injection vulnerability exists in Raymart DG / Ahmed Helal Hotel-mgmt-system, where a malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in processupdateprofile.php...

CVSS 7.5 | AI score 7.6 | EPSS 0.0234
Exploits: 2 | References: 3

Prion
added 2021/09/07 8:15 p.m. | 19 views

Design/Logic Flaw

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions...

CVSS 7.5 | AI score 9.3 | EPSS 0.01435
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2021/08/31 12:0 a.m. | 25 views

Solarwinds Orion Platform SQL Injection Vulnerability

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...

CVSS 9 | AI score 5.6 | EPSS 0.01642
Exploits: 0 | References: 6

Cvelist
added 2021/08/24 7:34 p.m. | 13 views

CVE-2020-18913

EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcmsweb/Search.php component via the attrarray parameter. This vulnerability allows attackers to access sensitive database information...

AI score 7.6 | EPSS 0.01306
Exploits: 1 | References: 1

CNVD
added 2021/08/24 12:0 a.m. | 18 views

Nuance Winscribe Dictation SQL Injection Vulnerability

Nuance Winscribe Dictation is an automated workflow solution from Nuance. Create and share high-quality documents and simplify complex workflows in a more efficient and flexible way. Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection. The vulnerability stems from the fact that the...

CVSS 9.8 | AI score 2 | EPSS 0.03104
Exploits: 1 | References: 1

ICS
added 2021/08/24 12:0 a.m. | 40 views

Hitachi ABB Power Grids Retail Operations and CSB Products

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Hitachi ABB Power Grids Equipment: Retail Operations and Counterparty Settlement Billing CSB Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

CVSS 7.7 | AI score 7.4 | EPSS 0.01258
Exploits: 0 | References: 5

CNNVD
added 2021/08/13 12:0 a.m. | 3 views

Nagios XI SQL Injection Vulnerability

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization. A SQL injection vulnerability exists in the Bulk Modification Tool in versions of Nagios XI prior to 5.8.5. The vulnerability stems fr...

CVSS 9.8 | AI score 5.9 | EPSS 0.7925
Exploits: 0 | References: 1

OSV
added 2021/08/12 9:15 p.m. | 2 views

CVE-2021-37599

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database and execute code in some situations via the txtPassword parameter...

CVSS 9.8 | AI score 7.5 | EPSS 0.03104
Exploits: 1 | References: 2

NVD
added 2021/08/12 9:15 p.m. | 24 views

CVE-2021-37599

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database and execute code in some situations via the txtPassword parameter...

CVSS 9.8 | EPSS 0.03104
Exploits: 1 | References: 2

Prion
added 2021/08/12 3:15 p.m. | 17 views

Sql injection

A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information...

CVSS 5 | AI score 7.8 | EPSS 0.0135
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2021/08/12 2:49 p.m. | 40 views

CVE-2020-20981

MetInfo 7.0 contains a SQL injection in the admin/logs dolist path (/admin/?n=logs&c=index&a=dolist) that can lead to access to sensitive database information. This is confirmed across multiple records (NVD description, Red Hat, NVD listing, and CNVD/CVE aggregations). The vulnerability affects t...

CVSS 7.5 | AI score 7.8 | EPSS 0.0135
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2021/08/07 5:15 p.m. | 2 views

CVE-2021-38159

In certain Progress MOVEit Transfer versions before 2021.0.4 aka 13.0.4, SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

CVSS 9.8 | AI score 7.4
Exploits: 0 | References: 2

NVD
added 2021/08/07 5:15 p.m. | 13 views

CVE-2021-38159

In certain Progress MOVEit Transfer versions before 2021.0.4 aka 13.0.4, SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

CVSS 9.8 | EPSS 0.01891
Exploits: 0 | References: 2

Prion
added 2021/08/07 5:15 p.m. | 18 views

Sql injection

In certain Progress MOVEit Transfer versions before 2021.0.4 aka 13.0.4, SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

CVSS 7.5 | AI score 9.7 | EPSS 0.01891
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/08/07 4:5 p.m. | 75 views

CVE-2021-38159

CVE-2021-38159 affects Progress MOVEit Transfer web applications; versions before 2021.0.4 (13.0.4) are vulnerable to unauthenticated SQL injection. An attacker could access the backend database, potentially inferring schema/data or executing statements that alter or delete elements, with impact ...

CVSS 9.8 | AI score 9.8 | EPSS 0.01891
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/08/07 4:5 p.m. | 25 views

CVE-2021-38159

In certain Progress MOVEit Transfer versions before 2021.0.4 aka 13.0.4, SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

AI score 10 | EPSS 0.01891
Exploits: 0 | References: 2

OSV
added 2021/08/05 8:15 p.m. | 2 views

CVE-2021-37614

In certain Progress MOVEit Transfer versions before 2021.0.3 aka 13.0.3, SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

CVSS 8.8 | AI score 7.4 | EPSS 0.01496
Exploits: 0 | References: 4

NVD
added 2021/08/05 8:15 p.m. | 12 views

CVE-2021-37614

In certain Progress MOVEit Transfer versions before 2021.0.3 aka 13.0.3, SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

CVSS 8.8 | EPSS 0.01496
Exploits: 0 | References: 4

Prion
added 2021/08/05 8:15 p.m. | 12 views

Sql injection

In certain Progress MOVEit Transfer versions before 2021.0.3 aka 13.0.3, SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

CVSS 6.5 | AI score 8.9 | EPSS 0.01496
Exploits: 0 | References: 4 | Affected Software: 1