Lucene search
K

61 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.3 views

SUSE CVE-2010-0005

query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query...

7.5CVSS7AI score0.01688EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/29 12:0 a.m.6 views

The vulnerability of the /student/bookdetails.php component of the Library Management System allows a malicious user to execute arbitrary SQL queries.

The vulnerability of the /student/bookdetails.php component of the Library Management System relates to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

7.5CVSS8.1AI score0.00891EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/10/22 12:0 a.m.6 views

PT-2021-23558 · Sqlite Consortium +2 · Sqlite +2

Name of the Vulnerable Software and Affected Versions: The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite affected versions not specified Description: The issue concerns a remote SQL injection bypass authentication vulnerability for the admin account. The username parameter fr...

9.8CVSS9.9AI score0.0274EPSS
Exploits1References4
CVE
CVE
added 2021/09/30 10:41 a.m.60 views

CVE-2021-41302

CVE-2021-41302 affects ECOA BAS controller family (ECS Router Controller - ECS (FLASH); RiskBuster Terminator - E6L45; RiskBuster System RB 3.0.0; TRANE 1.0; Graphic Control Software; SmartHome II - E9246; RiskTerminator). The issue is that backup exports and other sensitive data are stored in cl...

7.3CVSS7.3AI score0.00415EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/08/05 1:15 p.m.14 views

Cross site request forgery (csrf)

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request...

5CVSS7.6AI score0.0198EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2021/04/28 4:25 p.m.244 views

Exploit for Improper Authentication in Influxdata Influxdb

InfluxDB Exploit CVE-2019-20933 Exploit for InfluxDB CVE-2019...

9.8CVSS0.5AI score0.30921EPSS
Exploits3
BDU FSTEC
BDU FSTEC
added 2021/03/11 12:0 a.m.6 views

The vulnerabilities of the “/submit.php” and “/infusions/downloads/downloads.php” components of the PHP-Fusion CMS system allow attackers to execute arbitrary SQL queries.

The vulnerability of the “/submit.php” and “/infusions/downloads/downloads.php” components of the PHP-Fusion CMS system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

9CVSS8AI score0.01699EPSS
Exploits1References8Affected Software1
Positive Technologies
Positive Technologies
added 2021/02/16 12:0 a.m.3 views

PT-2021-2473

Name of the Vulnerable Software and Affected Versions Accellion FTA versions 9 12 370 and earlier Description The issue is related to a lack of protection against SQL query structure exploitation. This can be exploited by a remote attacker to execute arbitrary SQL code and gain unauthorized acces...

9.8CVSS7.8AI score0.05998EPSS
Exploits0References21
BDU FSTEC
BDU FSTEC
added 2019/10/09 12:0 a.m.9 views

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

9CVSS5.9AI score0.02965EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/02/27 10:29 p.m.29 views

CVE-2019-4061

IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869...

5.3CVSS5AI score0.22547EPSS
Exploits2References4
Cvelist
Cvelist
added 2019/02/27 10:0 p.m.34 views

CVE-2019-4061

IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869...

5.3CVSS5AI score0.22547EPSS
Exploits2References4
CVE
CVE
added 2019/02/27 10:0 p.m.71 views

CVE-2019-4061

CVE-2019-4061 affects IBM BigFix Platform 9.2 and 9.5. The vulnerability arises from relay components not requiring authentication, allowing a remote attacker to query the relay and collect information on updates and fixlets deployed to sites. The impact is information disclosure with no user int...

5.3CVSS4.9AI score0.22547EPSS
In wildExploits2References4Affected Software1
CNVD
CNVD
added 2018/11/26 12:0 a.m.4 views

Interspire Email Marketer SQL Injection Vulnerability (CNVD-2018-26787)

BigCommerec Interspire Email Marketer IEM is a suite of email marketing software from BigCommerec, USA. A SQL injection vulnerability exists in the 'delete tags' function of the Dynamiccontenttags.php file in BigCommerec IEM 6.1.6 and earlier versions. A remote attacker can exploit this...

8.8CVSS9.1AI score0.00984EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/06/30 12:0 a.m.37 views

IBM Tivoli Monitoring SOAP Interface Insecure Configuration Remote SOAP Query Information Disclosure

IBM Tivoli Monitoring, a network asset monitoring platform, is installed on the remote Windows host and is using an insecure configuration. It is, therefore, affected by an information disclosure vulnerability in the SOAP interface due to an insecure default configuration. An unauthenticated,...

5.3CVSS6.5AI score0.01302EPSS
Exploits0References2
OSV
OSV
added 2016/02/16 3:59 p.m.4 views

CVE-2016-2386

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...

9.8CVSS6.1AI score0.7106EPSS
Exploits8References8
CNVD
CNVD
added 2015/05/28 12:0 a.m.3 views

Multiple IBM Product Denial of Service Vulnerabilities (CNVD-2015-03487)

IBM manufactures and sells computer hardware and software, and provides consulting services for systems architecture and web hosting. Common Inventory Technology CIT versions prior to 2.7.0.2050 are used in IBM License Metric Tool versions 7.2.2, 7.5 and 9, Endpoint Manger for Software Use Analys...

5CVSS6.6AI score0.01256EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2013/12/30 12:0 a.m.4 views

PT-2013-6299 · Esri · Esri Arcgis For Server

Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Server versions through 10.2 Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. This can be exploited by providing malicious input to the...

7.5CVSS8.9AI score0.02289EPSS
Exploits1References3
seebug.org
seebug.org
added 2013/07/11 12:0 a.m.25 views

53KF-MongoDB数据库弱口令可远程直接查询库内数据

简要描述: 不需要认证,可以直接连接,操作MongoDB 详细说明: 没有做认证,导致可以直接操纵库 漏洞证明: 未做验证的ip: 60.12.147.151 221.12.88.75 122.227.58.188...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/09/23 12:0 a.m.11 views

Interchange < 5.4.4 / 5.6.2 / 5.7.2 Search Request Information Disclosure

The remote host appears to be running Interchange, an open source application server that handles state management, authentication, session maintenance, click trails, filtering, URL encodings, and security policy. According to the banner in its administrative login page, the installed version of...

5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2006/11/06 12:0 a.m.6 views

PT-2006-6446 · Unknown · Article Script

Name of the Vulnerable Software and Affected Versions: Article Script versions 1.6.3 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the category parameter in the rss.php file. Recommendations: For Article Script versions 1.6.3 an...

7.5CVSS7.5AI score0.01264EPSS
Exploits2References9
Rows per page
Query Builder