Lucene search
K

77 matches found

Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.4 views

PT-2024-22967 · Sportsnet · Sportsnet

Name of the Vulnerable Software and Affected Versions: SportsNET version 4.0.1 Description: The issue concerns SQL injection vulnerabilities that could allow an attacker to retrieve, update, and delete all information in the database by sending a specially crafted SQL query to the API endpoint:...

9.8CVSS7.6AI score0.00408EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/04/25 8:39 a.m.30 views

CVE-2024-25917 WordPress WP Setup Wizard plugin <= 1.0.8.1 - Auth. Full Database Download Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1...

8.8CVSS8.8AI score0.00644EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.7 views

Webkil QloApps SQL注入漏洞

Webkil QloApps is free open source hotel booking and online reservation system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a SQL injection vulnerability in the GET parameter. An attacker can exploit the vulnerability to bypass the authentication and...

7.5CVSS7.6AI score0.03157EPSS
Exploits1References2
OSV
OSV
added 2022/11/29 9:15 p.m.4 views

CVE-2022-36962

SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands...

7.2CVSS6AI score0.0901EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/27 12:0 a.m.4 views

PT-2022-15494 · Carlo Gavazzi · Carlo Gavazzi Uwp3.0

Name of the Vulnerable Software and Affected Versions: Carlo Gavazzi UWP3.0 affected versions not specified CPY Car Park Server version 2.8.3 Description: An unauthenticated remote attacker could utilize a SQL-Injection issue to gain full database access, modify users, and stop services...

9.4CVSS9.4AI score0.00928EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/09/16 2:15 a.m.3 views

CVE-2022-26959

There are two full read/write Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp pag...

10CVSS6AI score0.00774EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/10/11 12:0 a.m.3 views

Open Solutions For Education OpenSis-Classic SQL注入漏洞

openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in openSIS version 8.0. The vulnerability stems from a lack of validation of input data for the $GET'usrid' and $GET'profid' parameters in PasswordCheck.php. An attacker can...

9.8CVSS8.7AI score0.0108EPSS
Exploits1References2
Hacker One
Hacker One
added 2020/11/28 12:47 p.m.104 views

Automattic: SQL Injection Union Based

Summary: Hello, I have found a SQL Injection Union Based on https://intensedebate.com/commenthistory/$YourSiteId The $YourSiteId into the url is vulnerable to SQL Injection. Steps to reproduce 1. Logging into https://intensedebate.com 2. After create your own site on...

0.3AI score
Exploits0
OSV
OSV
added 2020/08/26 2:15 p.m.5 views

CVE-2020-24315

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database...

7.5CVSS7.2AI score0.02035EPSS
Exploits1References2
Hacker One
Hacker One
added 2020/04/04 2:15 p.m.94 views

Zomato: [www.zomato.com] Blind SQL Injection in /php/geto2banner

Hi Team! Our team discovered a Blind SQL Injection by Abusing LocalParams resid in /php/geto2banner We are working to create a full PDF Report as an WriteUp ; Here is a Temporal Exploit based on the Vulnerable request: POST /php/geto2banner HTTP/1.1 Host: www.zomato.com Connection: close...

Exploits0
BDU FSTEC
BDU FSTEC
added 2019/08/06 12:0 a.m.5 views

The vulnerability of the Data Store component of the Oracle Berkeley DB database management system allows a hacker to gain full control over the DBMS.

The vulnerability of the Data Store component of the Oracle Berkeley DB database management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the DBMS...

7CVSS7.8AI score0.00453EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/01/30 12:0 a.m.6 views

The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to gain full control over the DBMS.

The vulnerability of the Core RDBMS component of the database management system Oracle Database Server is related to insufficient access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the DBMS using Oracle Net...

8.3CVSS7.1AI score0.01733EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2013/03/26 12:0 a.m.44 views

SynConnect SQL Injection

Title: ==== SynConnect - SQL Injection vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== Date: ==== 01-03-2013 CRD: ==== CRD-2013-01 Vendor: ====== Synchroweb Technology is a provider of application...

0.1AI score
Exploits0
0day.today
0day.today
added 2012/08/13 12:0 a.m.134 views

Open Upload <== Full DataBase Buckup Vulnerability

Exploit for php platform in category web applications Exploit Title: Open Upload == Full Multiple Vulnerabilites Author: email protected Vendor or Software Link: http://openupload.sourceforge.net/ Google dork: "Open Upload - Created by Alessandro Briosi 2009" Tested on: Xp SP 2 Poc : 1 -...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2005/03/11 12:0 a.m.16 views

phpDEV5 Remote Default Insecure Users Vuln

No description provided by source. ------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL :...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/03/11 12:0 a.m.43 views

phpDEV5 - Remote Default Insecure Users

------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL : www.firepages.com.au -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2001/01/10 12:0 a.m.33 views

Borland/Inprise Interbase 4.0/5.0/6.0 - Backdoor Password

source: https://www.securityfocus.com/bid/2192/info Interbase is an open source relational database offered by Borland Inprise Corporation. Interbase contains a backdoor user account and password called "LOCKSMITH". When accessed this account will eliminate all implemented security allowing full...

7.4AI score
Exploits0
Rows per page
Query Builder