1303 matches found
CVE-2023-51595
Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...
CVE-2023-51595
Vulnerability (CVE-2023-51595): Voltronic Power ViewPower Pro is affected by a SQL injection in the selectDeviceListBy method. The flaw stems from insufficient validation of a user-supplied string used to build SQL queries, allowing an attacker to execute arbitrary code in the context of LOCAL S...
CVE-2023-51586 Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...
CVE-2023-27358
NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2024-4215 The Multi Factor Authentication bypass vulnerability in pgAdmin 4
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password to authenticate to the application and perform sensitive actions within the application, such as managing files an...
CVE-2024-29968 SQL Table names, column names, and SQL queries are collected in DR standby Supportsave
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access...
CVE-2024-29968
CVE-2024-29968 is a vulnerability in Brocade SANnav prior to 2.3.1 and 2.3.0a where, when configured in disaster recovery mode, DR standby data is collected in Supportsave. This information disclosure could allow authenticated users to access the database structure and contents (SQL table/column ...
SQL Table names, column names, and SQL queries are collected in DR standby Supportsave (CVE-2024-29968)
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access...
CVE-2024-1601
An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...
CVE-2024-1601 SQL Injection in parisneo/lollms-webui
An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...
CVE-2023-50347
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...
CVE-2023-50347 Insecure SQL Interface affects HCL DRYiCE MyXalytics
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...
HCL Technologies DRYiCE MyXalytics Security Vulnerability
HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics. An attacker exploiting the vulnerability is able to execute custom SQL queries...
WordPress Plugin Appointment Booking Calendar Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Arista NG Firewall ReportEntry SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a...
SQL Injection
Centreon is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied strings before using them to construct SQL queries, specifically within the updateDirectory function. An attacker can leverage this vulnerability to execute code in the context of the service...
SQL Injection
Centreon is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied strings before using them to construct SQL queries, specifically within the updateLCARelation function. An attacker can leverage this vulnerability to execute code in the context of the servi...
SQL Injection
Centreon is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied strings before using them to construct SQL queries, specifically within the updateContactServiceCommands function. An attacker can leverage this vulnerability to execute code in the context o...
CVE-2023-36645
SQL injection vulnerability in ITB-GmbH TradePro v9.5 allows remote attackers to run SQL queries via oordershow component in customer function...