186 matches found
Sql injection
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from...
Sql injection
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alertscount component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information...
CVE-2023-23574 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alertscount component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrar...
CVE-2023-23574 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alertscount component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrar...
CVE-2023-22378
Nozomi Networks Guardian and CMC (Nozomi Guardian/CMC) are affected by CVE-2023-22378, a blind SQL Injection vulnerability caused by improper input validation in the sorting parameter. The issue allows an authenticated attacker to execute arbitrary SQL on the target DBMS, with potential to exfilt...
CVE-2023-22378 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...
CVE-2023-22378 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...
ALSA-2023:4527 Moderate: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...
Moderate: postgresql:10 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...
CVE-2022-4259
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application...
Sql injection
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application...
CVE-2022-4259 Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application...
CVE-2023-30546 Contiki-NG has off-by-one error in Antelope DBMS
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System CFS backend for the storage of data file...
CVE-2023-30546 Contiki-NG has off-by-one error in Antelope DBMS
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System CFS backend for the storage of data file...
ROS-20230407-02
The Redis DBMS vulnerability is related to a command injection error that exists due to a reachable assertion when processing the MSETNX command. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted MSETNX command, causing a denial of service,...
RLSA-2023:1576 Moderate: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 For more...
Best pos Management System v1.0 - SQL Injection Vulnerability
Exploit Title: Best pos Management System v1.0 - SQL Injection Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link: https://www.sourcecodester.com/sites/default/files/download/mayurik/kruxton.zip Version:...
Human Resources Management System v1.0 - Multiple SQLi
Exploit Title: Human Resources Management System v1.0 - Multiple SQLi Date: 16/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.ht...
SUSE CVE-2012-3132
SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMSSTATS.GATHERTABLESTATS...
ROS-20230210-04
A vulnerability in the Redis database management system DBMS is related to the setrange and sort ro commands. Exploitation of the vulnerability could allow an attacker acting remotely to cause an integer overflow, resulting in the allocation of unacceptable amounts of memory...