470 matches found
Aveva eDNA Enterprise Data Historian FavoritesService.asmx SQL injection Vulnerability
Talos Vulnerability Report TALOS-2020-1097: Aveva eDNA Enterprise Data Historian FavoritesService.asmx SQL injection Vulnerability. September 23, 2020. CVE Number: CVE-2020-6153. Summary: An exploitable SQL injection vulnerability exists in the FavoritesService.asmx Web Service functionality of eDNA...
CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
CVE-2020-14349
Removed by vendor...
CVE-2020-12606
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cmdshell stored...
CVE-2020-14349
A flaw was found in PostgreSQL, where it did not properly sanitize the search_path during logical replication. This flaw allows an authenticated attacker to use this flaw in an attack similar to CVE-2018-1058 to execute an arbitrary SQL command in the user's context for replication. The highest...
SQL injection
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered...
SQL injection
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file...
Denial Of Service (DoS)
postgresql is vulnerable to denial of service. Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute an SQL command which could crash the PostgreSQL server...
CVE-2020-3936 Unisoon UltraLog Express - SQL Injection
The UltraLog Express device management interface does not properly filter user-supplied strings in some specific parameters, so attackers can inject arbitrary SQL commands...
CVE-2019-15984
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...
JVN#14776551: Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"
WordPress Plugin "wpDataTables Lite" provided by TMS-Plugins contains multiple vulnerabilities listed below.
Cross-site Scripting (CWE-79) - CVE-2019-6011
Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | ...
CORS-Vulnerable-Lab: vulnerable code for CORS misconfigurations
This repository contains vulnerable code related to CORS misconfigurations. You can set up the vulnerable code on your local machine and try out the CORS misconfiguration issues in practice. I would first like to thank @albinowax, AKReddy, and Vivek...
CVE-2019-9885
eClass platform ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenviewleft.php StudentID parameter...
SQL injection
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter...
CVE-2019-11821
Synology Photo Station is affected by a SQL injection in synophoto_csPhotoDB.php. The issue allows remote execution of arbitrary SQL commands via the type parameter and affects versions prior to 6.8.11-3489 and prior to 6.3-2977. Root cause: lack of validation of externally supplied SQL statement...