194 matches found
CVE-2024-6295 udn News App - Insecure Data Storage
udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn...
CVE-2023-41816
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database...
CVE-2023-41816
The CVE-2023-41816 entry concerns the Motorola Services Main mobile application, with a reported improper export vulnerability that could let a local attacker write to a local database. The available documents indicate an in-application export flaw as the root cause, enabling local compromise und...
CVE-2023-41816
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database...
Motorola Services Main 安全漏洞
Motorola Services Main is a mobile application service from Motorola USA. A security vulnerability exists in Motorola Services Main that stems from an incorrect export vulnerability that could allow a local attacker to write to a local database...
CVE-2023-48645
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance modu...
CVE-2023-48645
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance modu...
Sql injection
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance modu...
PT-2024-13617 · Archibus · Archibus
Name of the Vulnerable Software and Affected Versions: Archibus app version 4.0.3 for iOS Description: An issue was discovered in the Archibus app, which uses a local database synchronized with a Web central server instance. There is a SQL injection in the search work request feature in the...
ARCHIBUS Security Vulnerabilities
ARCHIBUS is a software platform from ARCHIBUS focused on helping organizations effectively manage their real estate, facilities and infrastructure to improve efficiency, reduce costs and support strategic planning. A security vulnerability exists in ARCHIBUS version 4.0.3 that stems from the use ...
CVE-2023-48645
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance modu...
CVE-2023-28713
Plaintext storage of a password exists in CONPROSYS HMI System CHS versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information ...
CVE-2023-21918
Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle...
CVE-2022-34910
An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device...
Design/Logic Flaw
An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device...
CVE-2022-34910
An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device...
PT-2022-19218 · Zoom · Zoom Client For Meetings +1
Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings versions prior to 5.12.6 Description: The issue arises from a failure to clear data from a local SQL database after a meeting ends, combined with the use of an insufficiently secure per-device key to encrypt that...
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2022-17792)
Siemens SINEC NMS is a network management system NMS from Siemens Germany that is used to centrally monitor, manage, and configure industrial networks with tens of thousands of devices 24/7, including security-related areas.A SQL injection vulnerability in Siemens SINEC NMS allows a privileged,...
Command injection
A vulnerability has been identified in SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application...
CVE-2022-24281
A vulnerability has been identified in SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application...