83 matches found
PT-2024-1053
Name of the Vulnerable Software and Affected Versions Microsoft.Data.SqlClient and System.Data.SqlClient affected versions not specified Description A security-feature bypass vulnerability in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider allows attackers to affect the...
CVE-2023-7047
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...
CVE-2023-7047
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...
Design/Logic Flaw
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...
CVE-2023-7047
The CVE-2023-7047 entry concerns Devolutions Remote Desktop Manager. Affected software: Devolutions Remote Desktop Manager versions 2023.3.31 and earlier. Root cause: inadequate validation of permissions when using remote tools and macros via the context menu. Impact: a user could initiate a conn...
CVE-2023-7047
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...
CVE-2023-7047
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...
CVE-2023-6593
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction...
CVE-2023-6593
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction...
Design/Logic Flaw
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction...
CVE-2023-6593
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction...
CVE-2023-6593
CVE-2023-6593 concerns a client-side permission bypass in Devolutions Remote Desktop Manager (iOS) 2023.3.4.0 and earlier. According to Red Hat and related sources, an attacker who has access to the application can execute entries in a SQL data source without restriction. The vulnerability is des...
CVE-2023-6593
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction...
Devolutions Remote Desktop Manager Security Vulnerability
Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2023.3.4.0 and prior versions, which originated from a vulnerability that allows an...
Code injection
B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the...
CVE-2023-33993
CVE-2023-33993 affects the SAP Business One B1i module, version 10.0. An authenticated user with deep knowledge can send crafted network queries to read or modify SQL data, causing high impact to confidentiality, integrity and availability. Root cause described as insufficient protection of the S...
CVE-2022-46898
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...
Path traversal
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...
CVE-2022-46898
CVE-2022-46898 concerns Vocera Report Server/Voice Server v5.x–5.8. A path-traversal flaw in the “restore SQL data” ZIP import workflow lets an attacker craft a ZIP with a SQL file that escapes the restoration directory. The Vocera Report Console’s websocket interface for restoration can process ...
CVE-2022-46898
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...