231 matches found
PT-2024-37615 · Pepperl+Fuchs · Oit1500-F113-B12-Cb +7
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. Recommendations: At the moment,...
CVE-2024-31402
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos...
CVE-2024-3269
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete...
CVE-2024-3269 Download Monitor <= 4.9.13 - Missing Authorization
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete...
PT-2024-5292 · Unknown · Openapi Generator
Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 7.6.0 Description: The issue is related to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to bypass security restrictions a...
CVE-2021-20451
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643...
Vulnerability of the Server component: Security: Privileges of the Oracle MySQL Server database management system, which allows attackers to gain unauthorized access for reading, adding, modifying, or deleting protected information.
The vulnerability of the Server component, specifically the Security: Privileges section of the Oracle MySQL Server database management system, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, add,...
PT-2024-22976 · Abast · Scan Visio Edocument Suite Web Viewer
Name of the Vulnerable Software and Affected Versions: SCAN VISIO eDocument Suite Web Viewer of Abast affected versions not specified Description: A SQL Injection issue has been discovered, allowing an unauthenticated user to retrieve, update, and delete all database information. This issue was...
CVE-2024-26262
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even...
The vulnerability of the synchronization application for Qsync Central files arises from the improper assignment of permissions to the critical resource. This allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the Qsync Central file synchronization application is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability may allow an attacker who operates remotely to gain access to read, modify, or delete data...
The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Systems allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
The vulnerability of the DB Privileges component of the Oracle Application Object Library in the Oracle E-Business Suite allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the DB Privileges component of the Oracle Application Object Library in the Oracle E-Business Suite system for enterprise automation activities is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gai...
The vulnerability of the SMS sending function in OMICARD’s marketing messaging system allows a hacker to execute arbitrary SQL code and gain access to read, modify, or delete data.
The vulnerability of the SMS sending function in OMICARD’s marketing messaging system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code and gain access to read, modify, or delete data...
The vulnerability of the IBM Security Guardium information protection mechanism lies in its failure to protect the structure of SQL queries. This allows attackers to view, add, modify, or delete information in the internal database.
The vulnerability of the IBM Security Guardium security tool is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely access, view, add, modify, or delete information in the internal database...
The vulnerability of the SAP CommonCryptoLib library, related to deficiencies in authentication procedures, allows attackers to read, modify, or delete data with limited access.
The vulnerability of the SAP CommonCryptoLib library is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to read, modify, or delete data with limited access...
Online Pizza Ordering System SQL注入漏洞
Online Pizza Ordering System is an online pizza ordering system. Online Pizza Ordering System suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database via scripting...
PT-2023-7766 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the User macros function in Nagios XI, which has insufficient access control. This can be exploited by a remote attacker to read, modify, or delete data, or cause ...
PT-2023-6624 · Sap · Sap Commoncryptolib
Name of the Vulnerable Software and Affected Versions: SAP CommonCryptoLib affected versions not specified Description: The issue is related to insufficient authorization checks in the SAP CommonCryptoLib library. This can lead to an escalation of privileges, allowing a remote attacker to read,...
PT-2023-18697 · WordPress · Wp Directory Kit
Name of the Vulnerable Software and Affected Versions: WP Directory Kit plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is due to missing or incorrect nonce validation on the admin page display function, making it possible for unauthenticated attackers to delete o...
PT-2023-20582 · WordPress · Kivicare
Name of the Vulnerable Software and Affected Versions: KiviCare WordPress plugin versions prior to 3.2.1 Description: The issue concerns the lack of CSRF checks in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes...