122 matches found

BDU FSTEC
added 2023/11/17 12:00 a.m. | 6 views

The vulnerability of the IBM Security Guardium information protection mechanism lies in its failure to protect the structure of SQL queries. This allows attackers to view, add, modify, or delete information in the internal database.

The vulnerability of the IBM Security Guardium security tool is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely access, view, add, modify, or delete information in the internal database...

CVSS: 8 | AI score: 6 | EPSS: 0.00429
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2023/10/28 12:00 a.m. | 6 views

The vulnerability of SAP PowerDesigner, a tool for modeling enterprise architecture, related to inadequate access control, allows attackers to execute arbitrary queries against the internal database.

The vulnerability of SAP PowerDesigner, a tool for modeling enterprise architecture, is related to deficiencies in access control. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary queries against the internal database through a proxy server...

CVSS: 10 | AI score: 8.1 | EPSS: 0.01041
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/09/19 9:15 a.m. | 5 views

CVE-2023-41387

A SQL injection in the flutterdownloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and...

CVSS: 9.1 | AI score: 6 | EPSS: 0.0065
Exploits: 1 | References: 2

Prion
added 2023/09/19 9:15 a.m. | 18 views

SQL injection

A SQL injection in the flutterdownloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and...

CVSS: 6.4 | AI score: 8.9 | EPSS: 0.0065
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2023/09/19 12:00 a.m. | 3 views

Flutter Downloader SQL Injection Vulnerability

Flutter Downloader is a plugin for creating and managing download tasks. A security vulnerability exists in Flutter Downloader version 1.11.1 iOS, which stems from the fact that if the application uses the UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace attributes, the framework's...

CVSS: 9.1 | AI score: 6.6 | EPSS: 0.0065
Exploits: 1 | References: 3

Cvelist
added 2023/09/19 12:00 a.m. | 17 views

CVE-2023-41387

A SQL injection in the flutterdownloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and...

AI score: 9.1 | EPSS: 0.0065
Exploits: 1 | References: 2

Vulnrichment
added 2023/09/19 12:00 a.m. | 15 views

CVE-2023-41387

A SQL injection in the flutterdownloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and...

AI score: 7.7 | EPSS: 0.0065
Exploits: 1 | References: 2

Positive Technologies
added 2023/09/19 12:00 a.m. | 5 views

PT-2023-27938 · Unknown · Flutter Downloader

Name of the Vulnerable Software and Affected Versions: flutter downloader versions 1.11.1 and earlier
Description: A SQL injection in the flutter downloader component allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of...

CVSS: 9.1 | AI score: 9.1 | EPSS: 0.0065
Exploits: 1 | References: 7

OSV
added 2023/08/14 5:15 a.m. | 5 views

CVE-2023-3264

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00469
Exploits: 0 | References: 1

OSV
added 2023/08/14 4:15 a.m. | 6 views

CVE-2023-3262

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVSS: 6.7 | AI score: 6 | EPSS: 0.0032
Exploits: 1 | References: 1

Tenable Nessus
added 2023/03/29 12:00 a.m. | 17 views

Hitachi Energy GMS600, PWC600, and Relion Improper Access Control (CVE-2021-35534)

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...

CVSS: 9 | AI score: 7.1 | EPSS: 0.01666
Exploits: 0 | References: 5

PyPA
added 2022/09/05 10:15 a.m. | 8 views

PYSEC-2022-43070

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01105
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2022/09/05 12:00 a.m. | 2 views

PT-2022-37335 · Apache · Apache Iotdb Grafana-Connector

Name of the Vulnerable Software and Affected Versions: Apache IoTDB grafana-connector version 0.13.0
Description: The issue concerns an interface without proper authorization, potentially exposing the internal database structure.
Recommendations: For Apache IoTDB grafana-connector version 0.13.0,...

CVSS: 7.5 | AI score: 7.2
Exploits: 0 | References: 3

OSV
added 2022/04/21 7:15 p.m. | 3 views

CVE-2022-20732

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00201
Exploits: 0 | References: 1

Prion
added 2022/04/21 7:15 p.m. | 18 views

Improper access control

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...

CVSS: 4.6 | AI score: 7.2 | EPSS: 0.00201
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2022/04/20 4:00 p.m. | 3 views

CVE-2022-20732

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00201
Exploits: 0 | References: 2

CNVD
added 2021/12/15 12:00 a.m. | 7 views

SiPass integrated access control vulnerability (CNVD-2021-100378)

SiPass integrated is an access control system. With the SiPass integrated access control vulnerability, the affected application does not adequately restrict access to the internal active synopsis database. A remote attacker could exploit the vulnerability to read, modify, or delete, among other...

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.0136
Exploits: 0 | References: 1

CNNVD
added 2021/12/14 12:00 a.m. | 4 views

Siemens SiPass Integrated and Siveillance Identity Security Vulnerability

SiPass integrated is an access control system. With the SiPass integrated access control vulnerability, the affected application does not adequately restrict access to the internal active synopsis database. A remote attacker could exploit the vulnerability to read, modify, or delete, among other...

CVSS: 9.1 | AI score: 5.6 | EPSS: 0.0136
Exploits: 0 | References: 5

OSV
added 2021/11/18 5:15 p.m. | 4 views

CVE-2021-35534

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...

CVSS: 7.2 | AI score: 5.8
Exploits: 0 | References: 3

Prion
added 2021/11/18 5:15 p.m. | 17 views

Security feature bypass

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...

CVSS: 9 | AI score: 6.8 | EPSS: 0.01666
Exploits: 0 | References: 3 | Affected Software: 5