
3894 matches found

ICS
added 2025/12/18 7:00 a.m. | 6 views

Advantech WebAccess/SCADA

RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an authenticated attacker to read or modify a remote database. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

7.6 AI score
Exploits 0 | References 13
NVD
added 2025/12/15 9:15 p.m. | 4 views

CVE-2023-53877

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...

9.8 CVSS | 0.00385 EPSS
Exploits 1 | References 3
RedhatCVE
added 2025/12/13 12:58 p.m. | 3 views

CVE-2025-13506

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

8.8 CVSS | 7.1 AI score | 0.0035 EPSS
Exploits 0 | References 1
Veracode
added 2025/12/13 5:26 a.m. | 3 views

Insecure Storage Of Sensitive Information

Liferay Portal and Liferay DXP are vulnerable to insecure storage of sensitive information. The vulnerability is due to storing password reset tokens in plain text in the database, which allows an attacker with database access to retrieve the token, reset a user’s password, and take over the user...

6.9 CVSS | 5.8 AI score | 0.00207 EPSS
Exploits 0 | References 4 | Affected Software 2
OSV
added 2025/12/12 9:15 p.m. | 2 views

CVE-2024-58316

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...

8.7 CVSS | 5.8 AI score | 0.00485 EPSS
Exploits 1 | References 3
EUVD
added 2025/12/12 3:30 p.m. | 3 views

EUVD-2025-203080

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

8.8 CVSS | 6.5 AI score | 0.0035 EPSS
Exploits 0 | References 2
NVD
added 2025/12/12 1:15 p.m. | 3 views

CVE-2025-13506

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

8.8 CVSS | 0.0035 EPSS
Exploits 0 | References 2
CVE
added 2025/12/12 12:19 p.m. | 14 views

CVE-2025-13506

Nebim V3 ERP (Nebim Neyir Computer Industry and Services Inc.) is affected by CVE-2025-13506 for versions 2.0.59 up to, but not including, 3.0.1. The issue is described as an Execution with Unnecessary Privileges vulnerability that enables expanding control over the operating system from the data...

8.8 CVSS | 5.8 AI score | 0.0035 EPSS
Exploits 0 | References 2
Cvelist
added 2025/12/12 12:19 p.m. | 28 views

CVE-2025-13506 Improper Authorization in Nebim Neyir's Nebim V3 ERP

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

8.8 CVSS | 0.0035 EPSS
Exploits 0 | References 2
EUVD
added 2025/12/12 12:30 a.m. | 4 views

EUVD-2024-55326

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks...

9.3 CVSS | 7.5 AI score | 0.00441 EPSS
Exploits 1 | References 5
Positive Technologies
added 2025/12/12 12:00 a.m. | 4 views

PT-2025-50927

Name of the Vulnerable Software and Affected Versions: Nebim V3 ERP versions 2.0.59 through 3.0.0. Description: An issue exists in Nebim V3 ERP that allows expanding control over the operating system from the database due to unnecessary privileges. Recommendations: Update to a version later than 3.0....

8.8 CVSS | 5.4 AI score | 0.0035 EPSS
Exploits 0 | References 6
OSV
added 2025/12/09 4:17 p.m. | 5 views

CVE-2025-40819

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...

4.3 CVSS | 5.7 AI score | 0.0021 EPSS
Exploits 0 | References 1
Cvelist
added 2025/12/09 10:44 a.m. | 19 views

CVE-2025-40819

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...

4.3 CVSS | 0.0021 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/12/09 12:00 a.m. | 3 views

PT-2025-49837

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system ticketinfo table to bypass license limitations without proper enforcement...

4.3 CVSS | 6.9 AI score | 0.0021 EPSS
Exploits 0 | References 1
CNNVD
added 2025/12/08 12:00 a.m. | 5 views

Galaxy Software Services Vitals ESP SQL Injection Vulnerability

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. Galaxy Software Services Vitals ESP suffers from a SQL injection vulnerability that originates from a SQL command injection that could result in reading the contents of the...

7.1 CVSS | 8.1 AI score | 0.00272 EPSS
Exploits 0 | References 2
CNNVD
added 2025/12/08 12:00 a.m. | 3 views

Galaxy Software Services Vitals ESP SQL Injection Vulnerability

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. Galaxy Software Services Vitals ESP suffers from a SQL injection vulnerability that stems from SQL command injection and could result in reading the contents of the database...

7.1 CVSS | 8.1 AI score | 0.00272 EPSS
Exploits 0 | References 2
NVD
added 2025/12/04 9:16 p.m. | 8 views

CVE-2025-66237

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

8.4 CVSS | 0.00115 EPSS
Exploits 0 | References 2
Vulnrichment
added 2025/12/04 9:02 p.m. | 3 views

CVE-2025-66237 Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

8.4 CVSS | 7.1 AI score | 0.00115 EPSS
Exploits 0 | References 2
Cvelist
added 2025/12/04 9:02 p.m. | 21 views

CVE-2025-66237 Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

8.4 CVSS | 0.00115 EPSS
Exploits 0 | References 2
CVE
added 2025/12/04 9:02 p.m. | 12 views

CVE-2025-66237

CVE-2025-66237 affects Sunbird DCIM dcTrack and related platforms, where default and hard-coded credentials enable an authenticated attacker to administer the database, escalate privileges on the platform, or execute system commands on the host. Multiple sources confirm the existence of hard-code...

8.4 CVSS | 7.1 AI score | 0.00115 EPSS
Exploits 0 | References 2