1303 matches found
Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of setcertificatesconfig requests to the modTMMS endpoint. When...
Sql injection
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application...
PT-2023-14141 · Nozomi Networks · Nozomi Networks Guardian +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: The issue is caused by improper input validation in the Alerts controller, allowing an authenticated attacker to execute arbitrary SQL queries on the DBMS used by t...
SQL Injection
com.baomidou:mybatis-plus-extension is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the tenant ID parameter in TenantLineInnerInterceptor.java allows a malicious user to inject and execute arbitrary SQL queries on the target system...
PT-2023-3013 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.1 and 11.5 Description: The issue is related to insufficient input validation in the database management system, which can be exploited by a remote attacker to cause ...
The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert HMI terminals and the SCADA Pro-face BLUE software lies in the lack of security measures taken to protect the SQL query structure, allowing a hacker to execute arbitrary code.
The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert HMI terminals and the SCADA Pro-face BLUE software is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability could allow an attacker to execute...
CVE-2022-42477
An improper input validation vulnerability CWE-20 in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
CVE-2022-42477
An improper input validation vulnerability CWE-20 in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
Input validation
An improper input validation vulnerability CWE-20 in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
CVE-2022-42477
An improper input validation vulnerability CWE-20 in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
CVE-2022-42477
An improper input validation vulnerability CWE-20 in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
FortiAnalyzer - Improper input validation in custom dataset
An improper input validation vulnerability CWE-20 in FortiAnalyzer may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
SQL Injection
github.com/hashicorp/vault is vulnerable to SQL Injection. The vulnerability exists in mssql.go due to improper validation of parameters such as schema, database, and table which allows an attacker to inject and execute arbitrary sql queries...
Music Gallery Site v1.0 - SQL Injection Vulnerability (2)
Exploit Title: Music Gallery Site v1.0 - SQL Injection on page viewmusicdetails.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0961 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link: Music Galler...
CVE-2022-42424
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
CVE-2022-42429
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
CVE-2022-42427
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a...
CVE-2022-42429
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
CVE-2022-36973
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImp...
CVE-2022-36976
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can levera...