CVE-2022-26514 Delta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2020-27285
The default configuration of Crimson 3.1 Build versions prior to 3119.001 allows a user to read and modify the database without authentication...
CVE-2020-3468
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL...
Cisco Cloud Web Security SQL Injection Vulnerability
Cisco Cloud Web Security is a comprehensive cloud-delivered web defense solution. A SQL injection vulnerability exists in the web UI of Cisco Cloud Web Security. The vulnerability stems from the web management interface failing to properly validate SQL values. An authenticated attacker can exploi...
Advanced Electron Forum Cross-Site Request Forgery Vulnerability
Advanced Electron Forum is an online forum system written in PHP. Advanced Electron Forum suffers from a cross-site request forgery vulnerability that allows an attacker to alter the current database, delete all Inbox/Sent messages, delete all 'shouts' and delete all Topics...
SQL Servers SQL Injection Characters Evasion Techniques
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers...
PHP Address Book SQL Injection Vulnerability (CNVD-2015-00124)
PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. A SQL injection vulnerability exists in PHP Address Book, which allows attackers to exploit the vulnerability to compromise an application, access or modify...
CVE-2014-9249
The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408...
MySQL Load File SQL Injection
An SQL injection vulnerability exists in MySQL database server. SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code...
TYPO3 feuser_adminLib Authorization Bypass Vulnerability
TYPO3 is prone to an authorization bypass vulnerability...
CVE-2012-2358
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist...
MySQL Connector/J vulnerable to SQL injection
Overview MySQL Connector/J from Sun Microsystems contains a SQL injection vulnerability. MySQL Connector/J from Sun Microsystems is a software that provides access to a MySQL database for client applications written in Java. MySQL Connector/J contains a SQL injection vulnerability. Masakazu Ikeda...
[Full-disclosure] Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities
netVigilance Security Advisory 28 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from...
JVN#73705637 ACollab SQL injection vulnerability
Impact A remote attacker could modify the database contents or steal data. An attacker could also bypass authentication and impersonate a user. Solution Products Affected ACollab 1.2 and earlier Development and maintenance of ACollab finished with version 1.2 as of July 6, 2006. However ATutor...
JVN#41550845 Nagasaki Electronic Prefectural Office System SQL injection vulnerability
Impact A remote attacker may view or modify the database contents. Solution Products Affected Nagasaki Electronic Prefectural Office System's annual leave management system Nagasaki Electronic Prefectural Office System's staff directory system Nagasaki Electronic Prefectural Office System's docume...