Lucene search
+L

933 matches found

OSV
OSV
added 2021/11/29 10:15 p.m.18 views

CVE-2021-44427

An unauthenticated SQL Injection vulnerability in Rosario Student Information System aka rosariosis before 8.1.1 allows remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter...

9.8CVSS8.4AI score
Exploits0References1
CVE
CVE
added 2021/11/29 9:34 p.m.98 views

CVE-2021-44427

CVE-2021-44427 is an unauthenticated SQL injection in Rosario Student Information System (rosariosis) before 8.1.1. The vulnerability allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, DELETE) via the /Side.php endpoint using the syear parameter. Affected soft...

9.8CVSS9.9AI score0.50641EPSS
In wildExploits1References1Affected Software1
Cvelist
Cvelist
added 2021/11/29 9:34 p.m.26 views

CVE-2021-44427

An unauthenticated SQL Injection vulnerability in Rosario Student Information System aka rosariosis before 8.1.1 allows remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter...

9.8CVSS10AI score0.50641EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2021/11/11 12:0 a.m.17 views

The vulnerability of the automated information system “Registration in OO” arises from the use of pre-set user accounts, allowing a perpetrator to gain unauthorized access to protected information.

The vulnerability of the automated information system “Registration in OO” is related to the use of pre-set user accounts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

8.6CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/11/11 12:0 a.m.7 views

The vulnerability of the automated information system “Registration in OO” arises from the lack of measures taken to protect the structure of the web page, allowing attackers to read arbitrary files.

The vulnerability of the automated information system “Registration in OO” is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files by sending a specially crafted POST request...

8.6CVSS5.6AI score
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/11/01 10:15 p.m.4 views

CVE-2021-41187

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the API endpoints for /api/trackedEntityInstances and api/events in DHIS2. The...

8.8CVSS7.1AI score0.00827EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/11/01 9:20 p.m.48 views

CVE-2021-41187

CVE-2021-41187 concerns DHIS 2. A SQL injection vulnerability exists in specific DHIS2 versions (2.32, 2.33, 2.34, 2.35, 2.36) affecting the REST endpoints for /api/trackedEntityInstances and /api/events . Exploitation requires the attacker to be an authenticated DHIS2 user, and successful exploi...

8.8CVSS8.8AI score0.00827EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/11/01 12:0 a.m.8 views

DHIS 2 SQL注入漏洞

DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. DHIS 2 suffers from a SQL injection vulnerability that stems from a SQL injection security hole in a specific version of DHIS 2. The vulnerability affects API...

8.8CVSS8.1AI score0.00827EPSS
Exploits0References2
OSV
OSV
added 2021/07/21 3:15 p.m.3 views

UBUNTU-CVE-2021-2417

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

6CVSS7.2AI score0.01729EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/20 12:0 a.m.2 views

Oracle MySQL Server 输入验证错误漏洞

Oracle MySQL Server, a relational database from Oracle Corporation, is vulnerable in the Server: GIS component of Oracle MySQL Server 8.0.25 and earlier. An attacker can use this vulnerability to cause MySQL Server to hang or crash frequently and repeatedly complete denial of service, as well as...

8CVSS7.8AI score0.01729EPSS
Exploits0References13
CNVD
CNVD
added 2021/07/08 12:0 a.m.10 views

SQL Injection Vulnerability in Network Video Surveillance System of Tianmai Technology

Zhengzhou Tianmai Technology Co., Ltd. was founded in 2004, is located in Zhengzhou City, National High-tech Industrial Development Zone, is specializing in public transportation intelligent system solutions provider, is the "city intelligent bus solutions" and "3G/4G video, Beidou/GPS monitoring...

7.5AI score
Exploits0
CNVD
CNVD
added 2021/06/15 12:0 a.m.19 views

SQL Injection Vulnerability in Farmers' Credit Information System of Nanning Desi Technology Co.

Nanning Desi Technology Co., Ltd, business scope includes computer software development and technical services; computer, office equipment sales and maintenance, etc.. A SQL injection vulnerability exists in the Farmer Credit Information System of Nanning Desi Technology Co. An attacker can utili...

7.7AI score
Exploits0
CNVD
CNVD
added 2021/06/12 12:0 a.m.12 views

SQL Injection Vulnerability in Multimedia Information Distribution System of Guangdong Xing Shen Technology Co.

Ltd. is located in Guangzhou Science City, where high-tech enterprises gather, and is an innovative enterprise specializing in the research, development, production and sales of commercial display systems, intelligent robots and other products. Ltd. multimedia information dissemination system SQL...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/09 11:46 a.m.44 views

Information Flows and Democracy

Henry Farrell and I published a paper on fixing American democracy: "Rechanneling Beliefs: How Information Flows Hinder or Help Democracy." Its much easier for democratic stability to break down than most people realize, but this doesnt mean we must despair over the future. Its possible, though...

0.2AI score
Exploits0
CNVD
CNVD
added 2021/05/29 12:0 a.m.4 views

SQL Injection Vulnerability in RG-EG Easy Gateway Management System (RG-EG)

Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other items. A SQL injection vulnerability exists in the RG-EG Easy Gateway management system, which can be exploited by attackers to obtain...

7.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/07 12:0 a.m.315 views

Human Resource Information System 0.1 Remote Code Execution

Exploit Title: Human Resource Information System 0.1 - Remote Code Execution Unauthenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2021/05/04 12:0 a.m.195 views

Human Resource Information System 1.0 Authentication Bypass / Account Creation

Exploit Title: Human Resource Information System 1.0 - Create Admin Account Unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14714/human-resource-information-using-phpmysqliobject-orientedcomplete-free-sourcecode.html Version:1.0 Tested on: windows...

0.6AI score
Exploits0
CNVD
CNVD
added 2021/04/22 12:0 a.m.5 views

Weak Password Vulnerability in RG-EG Easy Gateway Web Management System

Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other items. A weak password vulnerability exists in the RG-EG Easy Gateway web management system, which can be exploited by attackers to obtain...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2021/04/21 1:15 p.m.3 views

django: potential SQL injection via "tolerance" parameter in GIS functions and aggregates on Oracle

A SQL-injection flaw was found in python-django, where GIS functions and aggregates in Oracle did not correctly neutralize tolerance-parameter data. A remote attacker could use this flaw to submit crafted data to inject malicious SQL...

8.8CVSS7.2AI score0.22513EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/04/19 7:26 p.m.31 views

CVE-2021-3506

An out-of-bounds OOB memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this...

8.1CVSS1AI score0.00366EPSS
Exploits0References5
Rows per page
Query Builder