CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 9:25 p.m.•5 views

CVE-2021-38390

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query...

10CVSS8.5AI score0.19765EPSS

Prion•added 2021/10/22 10:15 p.m.•27 views

Sql injection

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID aka username parameter. Successful exploitation can include...

6.8CVSS10AI score0.73269EPSS

Exploits3References1Affected Software1

CVE•added 2021/10/22 9:25 p.m.•1075 views

CVE-2021-42258

BillQuick Web Suite SQL Injection (CVE-2021-42258) affects BEQ BillQuick Web Suite 2018–2021 prior to 22.0.9.1. The vulnerability is an SQL injection in the txtID/username parameter that enables unauthenticated remote code execution, including the potential to run code as MSSQLSERVER$ via xp_cmds...

9.8CVSS9.9AI score0.73269EPSS

In wildExploits3References2Affected Software1

ATTACKERKB•added 2021/10/22 12:0 a.m.•55 views

CVE-2021-42258

9.8CVSS9.9AI score0.73269EPSS

In wildExploits3References2

NVD•added 2021/08/30 6:15 p.m.•15 views

CVE-2021-38391

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AMHandler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A...

10CVSS0.03455EPSS

NVD•added 2021/08/30 6:15 p.m.•15 views

CVE-2021-38390

10CVSS0.19765EPSS

Prion•added 2021/08/30 6:15 p.m.•21 views

Sql injection

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerCFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A...

10CVSS9.8AI score0.03938EPSS

Prion•added 2021/08/30 6:15 p.m.•23 views

Sql injection

10CVSS9.8AI score0.03455EPSS

Prion•added 2021/08/30 6:15 p.m.•15 views

Sql injection

10CVSS9.8AI score0.19875EPSS

Prion•added 2021/08/30 6:15 p.m.•14 views

Sql injection

10CVSS9.8AI score0.19765EPSS

Cvelist•added 2021/08/30 5:33 p.m.•14 views

CVE-2021-38390

9.9AI score0.19765EPSS

Cvelist•added 2021/08/30 5:33 p.m.•23 views

CVE-2021-32983

9.9AI score0.03938EPSS

Cvelist•added 2021/08/30 5:31 p.m.•17 views

CVE-2021-38393

9.9AI score0.19875EPSS

Cvelist•added 2021/08/30 5:30 p.m.•15 views

CVE-2021-38391

10AI score0.03455EPSS

CNNVD•added 2021/08/26 12:0 a.m.•5 views

Delta Electronics DIAEnergie SQL注入漏洞

A SQL blind injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter egyid before using the value as part of a...

10CVSS6.4AI score0.19765EPSS

Exploits0References4

securityvulns•added 2011/09/20 12:0 a.m.•136 views

Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit

?php / Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration Web Service getSubKeys Remote SQL Injection Exploit tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft SQL Server 2005 Express download uri:...

8.8AI score

Packet Storm•added 2007/04/04 12:0 a.m.•33 views

HP_MQC_Run_Any_Query.txt

!/usr/bin/perl HP Mercury Quality Center runQuery exploit. Run whatever SQL you want on there db - without SQL injection. Problem is client can do "RunQuery" command os we write program to do this. Client can lots other things it should not also! The backend database can be MSSQLServer or Oracle ...

7.4AI score

seebug.org•added 2007/04/04 12:0 a.m.•55 views

HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit

No description provided by source. !/usr/bin/perl HP Mercury Quality Center runQuery exploit. Run whatever SQL you want on there db - without SQL injection. Problem is client can do "RunQuery" command os we write program to do this. Client can lots other things it should not also! The backend...

7.1AI score

0day.today•added 2007/04/03 12:0 a.m.•28 views

HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit

Exploit for multiple platform in category remote exploits ==================================================================== HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit ==================================================================== !/usr/bin/perl HP Mercury Qualit...

7.1AI score