61 matches found
SUSE CVE-2010-0005
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query...
The vulnerability of the /student/bookdetails.php component of the Library Management System allows a malicious user to execute arbitrary SQL queries.
The vulnerability of the /student/bookdetails.php component of the Library Management System relates to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
PT-2021-23558 · Sqlite Consortium +2 · Sqlite +2
Name of the Vulnerable Software and Affected Versions: The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite affected versions not specified Description: The issue concerns a remote SQL injection bypass authentication vulnerability for the admin account. The username parameter fr...
CVE-2021-41302
CVE-2021-41302 affects ECOA BAS controller family (ECS Router Controller - ECS (FLASH); RiskBuster Terminator - E6L45; RiskBuster System RB 3.0.0; TRANE 1.0; Graphic Control Software; SmartHome II - E9246; RiskTerminator). The issue is that backup exports and other sensitive data are stored in cl...
Cross site request forgery (csrf)
The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request...
Exploit for Improper Authentication in Influxdata Influxdb
InfluxDB Exploit CVE-2019-20933 Exploit for InfluxDB CVE-2019...
The vulnerabilities of the “/submit.php” and “/infusions/downloads/downloads.php” components of the PHP-Fusion CMS system allow attackers to execute arbitrary SQL queries.
The vulnerability of the “/submit.php” and “/infusions/downloads/downloads.php” components of the PHP-Fusion CMS system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
PT-2021-2473
Name of the Vulnerable Software and Affected Versions Accellion FTA versions 9 12 370 and earlier Description The issue is related to a lack of protection against SQL query structure exploitation. This can be exploited by a remote attacker to execute arbitrary SQL code and gain unauthorized acces...
The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.
The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2019-4061
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869...
CVE-2019-4061
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869...
CVE-2019-4061
CVE-2019-4061 affects IBM BigFix Platform 9.2 and 9.5. The vulnerability arises from relay components not requiring authentication, allowing a remote attacker to query the relay and collect information on updates and fixlets deployed to sites. The impact is information disclosure with no user int...
Interspire Email Marketer SQL Injection Vulnerability (CNVD-2018-26787)
BigCommerec Interspire Email Marketer IEM is a suite of email marketing software from BigCommerec, USA. A SQL injection vulnerability exists in the 'delete tags' function of the Dynamiccontenttags.php file in BigCommerec IEM 6.1.6 and earlier versions. A remote attacker can exploit this...
IBM Tivoli Monitoring SOAP Interface Insecure Configuration Remote SOAP Query Information Disclosure
IBM Tivoli Monitoring, a network asset monitoring platform, is installed on the remote Windows host and is using an insecure configuration. It is, therefore, affected by an information disclosure vulnerability in the SOAP interface due to an insecure default configuration. An unauthenticated,...
CVE-2016-2386
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...
Multiple IBM Product Denial of Service Vulnerabilities (CNVD-2015-03487)
IBM manufactures and sells computer hardware and software, and provides consulting services for systems architecture and web hosting. Common Inventory Technology CIT versions prior to 2.7.0.2050 are used in IBM License Metric Tool versions 7.2.2, 7.5 and 9, Endpoint Manger for Software Use Analys...
PT-2013-6299 · Esri · Esri Arcgis For Server
Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Server versions through 10.2 Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. This can be exploited by providing malicious input to the...
53KF-MongoDB数据库弱口令可远程直接查询库内数据
简要描述: 不需要认证,可以直接连接,操作MongoDB 详细说明: 没有做认证,导致可以直接操纵库 漏洞证明: 未做验证的ip: 60.12.147.151 221.12.88.75 122.227.58.188...
Interchange < 5.4.4 / 5.6.2 / 5.7.2 Search Request Information Disclosure
The remote host appears to be running Interchange, an open source application server that handles state management, authentication, session maintenance, click trails, filtering, URL encodings, and security policy. According to the banner in its administrative login page, the installed version of...
PT-2006-6446 · Unknown · Article Script
Name of the Vulnerable Software and Affected Versions: Article Script versions 1.6.3 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the category parameter in the rss.php file. Recommendations: For Article Script versions 1.6.3 an...