45 matches found
CVE-2025-0884 Privilege Escalation vulnerability has been discovered in OpenText™ Service Manager.
Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72...
CVE-2024-33499
A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...
CVE-2024-56404
In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference IDOR vulnerability allows privilege escalation. Only On-Premise installations are affected...
WordPress Easy Digital Downloads Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS)
Software Easy Digital Downloads Type Plugin Vulnerable versions = 3.2.6 Fixed in 3.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0659 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ffe82c6fd12f Credits emad Required...
CVE-2022-45436
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting XSS. As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must clic...
CVE-2022-45436
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting XSS. As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must clic...
CVE-2022-33640 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
...
CVE-2021-2207
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructu...
CVE-2018-19896
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
CVE-2018-19895
CVE-2018-19895 affects ThinkCMF X2.2.2 and is a SQL Injection vulnerability in the function edit_post() within NavController.class.php. The issue can be exploited by users with manager/administrator privileges through the parentid parameter in a navigation action. Publicly documented details conf...
CVE-2018-19896
ThinkCMF X2.2.2 is affected by a SQL injection via delete() in SlideController.class.php, exploitable with manager/admin privileges through the ids[] parameter in a slide action. Connected sources confirm the vulnerability details but do not provide a patch/version remediation in the documents. N...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...