CVE-2023-0025

SAP Solution Manager BSP Application - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources...

PT-2023-15956 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager BSP Application version 720 Description: The issue allows an authenticated attacker to craft a malicious link. When clicked by an unsuspecting user, this link can be used to read or modify some sensitive information or...

CVE-2022-34449

PowerPath Management Appliance with versions 3.3 & 3.2 contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application...

CVE-2023-22900

Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database...

The vulnerability of the WebUI user interface of the Oracle Primavera Gateway integration platform allows a malicious individual to gain unauthorized access to read, modify, or delete data.

The vulnerability of the WebUI user interface of the Oracle Primavera Gateway data integration platform is related to insufficient validation of entered data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data usi...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

...

OpenJDK: soundbank URL remote loading (Sound, 8293742)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

CVE-2023-0017

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current...

CVE-2022-45936

A vulnerability has been identified in Mendix Email Connector All versions V2.0.0. Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information...

CVE-2022-41271

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration PI - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability...

CVE-2022-36193

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

Sql injection

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

School-Management-System SQL注入漏洞

School-Management-System is a school management system by the individual developer Lahiru Danushka. School-Management-System version 1.0 suffers from a SQL injection vulnerability that originates from allowing remote attackers to modify or delete data via malicious SQL queries...

CVE-2022-36193

CVE-2022-36193 affects School Management System (version 1.0). The vulnerability is a SQL injection that enables remote attackers to modify or delete data via malicious SQL queries, leading to persistent changes in application content/behavior. Concrete details across connected sources confirm th...

Vulnerability fixed in FortiMail

FortiNet has fixed a vulnerability in FortiMail. A malicious person with admin rights in a private, possibly self-hosted configured domain is able to read and modify system information modify for a domain for which it is not authorized. FortiNet has released updates to fix the vulnerability in...

mysql: Server: Options unspecified vulnerability (CPU Oct 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

mysql: InnoDB unspecified vulnerability (CPU Jul 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...

CVE-2022-39404

Vulnerability in the MySQL Installer product of Oracle MySQL component: Installer: General. Supported versions that are affected are 1.6.3 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MyS...

CVE-2022-3255

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify...

mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...