The vulnerability of the Service Account Auditing service of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows an attacker to execute arbitrary code.
The vulnerability of the Service Account Auditing service in the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of security measures for the SQL query structure. Exploitation of this vulnerability could allow a malicious actor to...
The vulnerability of the UnlockBufferingSettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions and gain access to write and read arbitrary files.
The vulnerability of the UnlockBufferingSettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to bypass security...
The vulnerabilities in web browsers Firefox and Firefox ESR, as well as the Thunderbird email client, are related to the lack of security measures for SQL query structures, allowing attackers to trigger a service failure.
The vulnerabilities in web browsers Firefox and Firefox ESR, as well as the email client Thunderbird, are related to the lack of security measures for handling SQL query structures. Exploiting these vulnerabilities can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the email protection function of Sophos Firewall (formerly known as Sophos XG Firewall) allows a hacker to execute arbitrary code.
The vulnerability of the email protection function of Sophos Firewall (formerly Sophos XG Firewall) relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using the Secure PDF eXchange SPX...
The vulnerability of the Suite Applications Services service on the Mitel MiCollab collaboration platform allows a hacker to execute arbitrary code.
The vulnerability of the Suite Applications Services service of the Mitel MiCollab collaboration platform relates to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. This allows attackers to access database contents, create, and read arbitrary files.
The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to remotely access database contents, create and read arbitrary files by injecting specially...
The vulnerability in the implementation of the get_component_fields method of the comments module in the Netcat CMS system allows an attacker to gain unauthorized access to protected information.
The vulnerability of the get_component_fields method in the comments module of the Netcat CMS system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information from...
CVE-2023-50347
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...
CVE-2023-50347 Insecure SQL Interface affects HCL DRYiCE MyXalytics
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...
CVE-2023-50347
CVE-2023-50347 : The vulnerability affects HCL DRYiCE MyXalytics, described as an insecure SQL interface that could allow an attacker to execute arbitrary SQL, including changing system configuration. Multiple sources (NVD/NVD-derived records and third-party advisories) corroborate the issue but ...
PT-2023-8526 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti (affected versions not specified); VR-S1000 firmware versions prior to 2.42. Description: The issue is related to a lack of protection in the SQL query structure in Cacti, and in VR-S1000 firmware, it allows an attacker with access...
CVE-2019-18464
In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...
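Tongda OA Group edition, latest version: a blind SQL injection vulnerability, tested on the demo (login required)
Brief description: The latest version of the Group OA does not filter ', after which the filter function is bypassed; root privileges. Detailed description: Vendor website: http://.../ Group demo address: .../ SQL vulnerability address: .../general/document/index.php/send/sendlist/sendfor/?tid=&title=1 The title parameter is injectable. Surprisingly, this point does not filter the single quote '. Exposing the SQL statement: Submitted: .../general/document/index.php/send/sendlist/sendfor/?tid=&title=1%' and 1=2 union select Returned: 不安全的SQL语句:联合查询...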
[Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass
Title: Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass Vendor: http://www.invisionpower.com/community/board/ Advisory: http://acid-root.new.fr/?0:18 Author: DarkFig gmdarkfig at gmail dot com Released on: 2008/08/29 Changelog: 2008/08/29 Summary: Introduction Blind SQL...