Lucene search
K

186 matches found

Prion
Prion
added 2023/08/09 9:15 a.m.14 views

Sql injection

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from...

4CVSS7AI score0.00508EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/08/09 9:15 a.m.14 views

Sql injection

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alertscount component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information...

4CVSS7AI score0.00504EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/08/09 8:39 a.m.34 views

CVE-2023-23574 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alertscount component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrar...

8.8CVSS7.6AI score0.00504EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/09 8:39 a.m.17 views

CVE-2023-23574 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alertscount component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrar...

8.8CVSS7.9AI score0.00504EPSS
Exploits0References1
CVE
CVE
added 2023/08/09 8:1 a.m.64 views

CVE-2023-22378

Nozomi Networks Guardian and CMC (Nozomi Guardian/CMC) are affected by CVE-2023-22378, a blind SQL Injection vulnerability caused by improper input validation in the sorting parameter. The issue allows an authenticated attacker to execute arbitrary SQL on the target DBMS, with potential to exfilt...

8.8CVSS7.9AI score0.00508EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/08/09 8:1 a.m.23 views

CVE-2023-22378 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...

8.8CVSS7.6AI score0.00508EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/09 8:1 a.m.15 views

CVE-2023-22378 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...

8.8CVSS7.5AI score0.00508EPSS
Exploits0References1
OSV
OSV
added 2023/08/08 12:0 a.m.31 views

ALSA-2023:4527 Moderate: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

7.2CVSS6.4AI score0.0119EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2023/08/08 12:0 a.m.48 views

Moderate: postgresql:10 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

7.2CVSS6.9AI score0.0119EPSS
Exploits0References6
NVD
NVD
added 2023/05/04 11:15 a.m.19 views

CVE-2022-4259

Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application...

8.8CVSS9AI score0.00598EPSS
Exploits0References1
Prion
Prion
added 2023/05/04 11:15 a.m.20 views

Sql injection

Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application...

6.5CVSS8.8AI score0.00598EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/05/04 10:38 a.m.21 views

CVE-2022-4259 Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2

Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application...

8.8CVSS9.1AI score0.00598EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/26 6:14 p.m.12 views

CVE-2023-30546 Contiki-NG has off-by-one error in Antelope DBMS

Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System CFS backend for the storage of data file...

9.8CVSS9.4AI score0.00638EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/26 6:14 p.m.22 views

CVE-2023-30546 Contiki-NG has off-by-one error in Antelope DBMS

Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System CFS backend for the storage of data file...

9.8CVSS9.5AI score0.00638EPSS
Exploits0References2
Redos
Redos
added 2023/04/07 12:0 a.m.67 views

ROS-20230407-02

The Redis DBMS vulnerability is related to a command injection error that exists due to a reachable assertion when processing the MSETNX command. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted MSETNX command, causing a denial of service,...

5.5CVSS6.5AI score0.54978EPSS
Exploits0
OSV
OSV
added 2023/04/06 3:52 p.m.22 views

RLSA-2023:1576 Moderate: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 For more...

7.1CVSS6.8AI score0.0152EPSS
Exploits0References3
0day.today
0day.today
added 2023/04/06 12:0 a.m.228 views

Best pos Management System v1.0 - SQL Injection Vulnerability

Exploit Title: Best pos Management System v1.0 - SQL Injection Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link: https://www.sourcecodester.com/sites/default/files/download/mayurik/kruxton.zip Version:...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.131 views

Human Resources Management System v1.0 - Multiple SQLi

Exploit Title: Human Resources Management System v1.0 - Multiple SQLi Date: 16/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.ht...

7.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.4 views

SUSE CVE-2012-3132

SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMSSTATS.GATHERTABLESTATS...

6.5CVSS8.2AI score0.01822EPSS
Exploits0References4
Redos
Redos
added 2023/02/10 12:0 a.m.79 views

ROS-20230210-04

A vulnerability in the Redis database management system DBMS is related to the setrange and sort ro commands. Exploitation of the vulnerability could allow an attacker acting remotely to cause an integer overflow, resulting in the allocation of unacceptable amounts of memory...

5.5CVSS6AI score0.33269EPSS
Exploits0
Rows per page
Query Builder