38 matches found
EUVD-2020-5836
Malware in sbrugna...
EUVD-2020-14500
Malware in sbrugna...
EUVD-2020-5838
Malware in sbrugna...
CVE-2020-13587
An exploitable SQL injection vulnerability exists in the "formsfieldsrules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...
CVE-2020-13588
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The headingfieldid parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...
CVE-2020-21732
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting XSS. An attacker can add JavaScript code to the filename...
CVE-2020-13590
Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done...
Sql injection
Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done...
CVE-2020-13590
Concrete details found: CVE-2020-13590 affects Rukovoditel Project Management App 2.7.2. Multiple authenticated SQL injection vulnerabilities exist in the ntities/fields e page, triggered via actions such as mulitple_edit, copy_selected, and export. Exploitable parameters include entities_id, he...
CVE-2020-13589
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entitiesid parameter in the 'entities/fields page mulitpleedit or copyselected or export function is vulnerable to authenticated SQL injection. An attacker can make...
Sql injection
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The headingfieldid parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...
CVE-2020-13589
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entitiesid parameter in the 'entities/fields page mulitpleedit or copyselected or export function is vulnerable to authenticated SQL injection. An attacker can make...
CVE-2020-13589
CVE-2020-13589 affects Rukovoditel Project Management App 2.7.2. The vulnerability exists in the web page “entities/fields” where the parameters entities_id, selected_fields, and heading_field_id are used in unauthenticated/authenticated SQL queries (mulitple_edit, copy_selected, export). The roo...
CVE-2020-13588
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The headingfieldid parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...
CVE-2020-13588
CVE-2020-13588 affects Rukovoditel Project Management App version 2.7.2, with multiple authenticated SQL injection vulnerabilities in the entities/fields page, including the heading_field_id parameter and related parameters (entities_id, selected_fields). Talos confirms exploitable flaws that req...
CVE-2020-13592
An exploitable SQL injection vulnerability exists in "globallists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either wi...
CVE-2020-13587
An exploitable SQL injection vulnerability exists in the "formsfieldsrules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...
Sql injection
An exploitable SQL injection vulnerability exists in the "formsfieldsrules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...
Sql injection
An exploitable SQL injection vulnerability exists in the "accessrules/rulesform" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...
Sql injection
An exploitable SQL injection vulnerability exists in "globallists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either wi...