255 matches found
PT-2023-8525 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions 1.2.25 and prior. Description: The issue is related to a lack of protection in the SQL query structure of the Cacti network monitoring tool, specifically in the pollers.php script. This allows an authorized user to execute...
ROS-20231109-02
A vulnerability in GLPI's request and incident handling system is related to information disclosure. Exploitation of the vulnerability could allow a remote attacker to obtain user logins. GLPI request and incident handling system vulnerability related to the lack of path filtering by...
Hospital Management System SQL Injection Vulnerability (CNVD-2023-64629)
A Hospital Management System (HMS) is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. A SQL injection vulnerability exists in Hospital Management System version V1.0, which stems from the application's inability to...
CVE-2023-35811
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use...
Simple Attendance System 1.0 SQL Injection
Exploit Title: Simple Attendance System 1.0 - Unauthenticated Blind SQLi Exploit Author: t//\1 Date: September 21, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Tested on: Linux Version: v1.0 Exploit Description: The...
QIWI: mysql.initial.sql file is accessible for everyone
Hello. I found the mysql.initial.sql file, the Roundcube Webmail initial database structure. It is open to everyone. It is an SQL file that creates the structure of various tables such as user, session, cache and so on. PoC url: https://contact.rapida.ru/mysql.initial.sql F1164134 F1164136 Impact information...
Ubuntu: Security Advisory (USN-4472-1)
The remote host is missing an update for the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-4472-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4472-1 advisory. Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote...
USN-4472-1: PostgreSQL vulnerabilities
Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14349 Andres Freund discover...
Zoho ManageEngine Applications Manager SQL Injection (CVE-2019-11469)
A SQL injection vulnerability exists in Zoho ManageEngine Applications Manager. The vulnerability is due to improper validation of user-supplied input in FaultTemplateOptions.jsp. Successful exploitation could result in arbitrary SQL code execution...
Debian DSA-4604-1 : cacti - security update
Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users. - CVE-2019-16723 Authenticated users may bypass authorization checks for viewing a graph by submitting requests with modified...
Zoho ManageEngine Applications Manager SQL Injection (CVE-2019-11448)
A SQL injection vulnerability exists in Zoho ManageEngine Applications Manager. The vulnerability is due to improper validation of user-supplied input in PopupSLA.jsp. Successful exploitation could lead to arbitrary SQL code execution...
Zoho ManageEngine OpManager SQL Injection (CVE-2018-17823; CVE-2018-17283)
An SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of the name parameter when processing requests sent. Successful exploitation could lead to arbitrary SQL code execution in the security context of database service...
Code injection
In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code...
CVE-2018-16803
In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code...
Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)
Question: Security Bulletin: MySQL 0-day exploit CVE-2016-6662. Answer: Summary: Aspera software is not affected by the 0-day MySQL vulnerability. This vulnerability allows attackers to remotely inject SQL code with root privileges and thus compromise a system. The attack would involve modifying...
U.S. Dept Of Defense: SOAP WSDL Parser SQL Code Execution
Summary: SOAP WSDL Parser SQL Code Execution Description: It was possible to parse WSDL resources and read all functions from the SOAP Admin Panel, therefore I was able to repeat the SQL query with a tampered request with my own custom SQL command. I was able to extract all the database names for...
Joomla EkRishta 2.10 Cross Site Scripting / SQL Injection
Exploit Title: Joomla! extension EkRishta 2.10 - Persistent Cross-Site Scripting / SQL Injection Dork: N/A Date: 2018-05-18 Exploit Author: Sina Kheirkhah || [email protected] Software Link: https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/ Vendor...
Joomla EkRishta 2.10 Component - Cross-Site Scripting / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Joomla! extension EkRishta 2.10 - Persistent Cross-Site Scripting / SQL Injection Dork: N/A Exploit Author: Sina Kheirkhah || email protected Software Link:...
Joomla! Component EkRishta 2.10 - Cross-Site Scripting SQL Injection
Joomla! Component EkRishta 2.10 - Cross-Site Scripting SQL Injection Exploit Title: Joomla! extension EkRishta 2.10 - Persistent Cross-Site Scripting / SQL Injection Dork: N/A Date: 2018-05-18 Exploit Author: Sina Kheirkhah || [email protected] Software Link:...