Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation...

Advantech iView SystemTable updateLDAPSettings SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateLDAPSettings method of the SystemTable clas...

Advantech iView User addUser SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the lack of proper validation of a...

Advantech iView TaskEditDeviceTable clearTaskEditorTable SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper...

Advantech iView DeviceTreeTable updateSegmentInfo SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceTreeTable class. The issue results from the lack of proper validation ...

Advantech iView TaskEditDeviceTable updateSelectedPROMVersion SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper...

Advantech iView PSTable getPSInventoryExportData SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getPSInventoryExportData method of the PSTable class. Whe...

Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation...

Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation...

Advantech iView TaskEditDeviceTable updateSelected SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper...

Advantech iView DeviceTreeTable setDeviceAuthentication SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceTreeTable class. The issue results from the lack of proper validation ...

Advantech iView NetworkServlet SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of a...

Advantech iView DeviceTreeTable updateNamingData SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateNamingData method of the DeviceTreeTable...

Cisco SD-WAN vManage Software SQL Injection Vulnerability

A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An...

Cisco SD-WAN vManage Software SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL...

CVE-2020-14497

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code...

CVE-2019-9193 PostgreSQL allows OS level commands via COPY SQL function

An OS command injection vulnerability in FortiAnalyzer, FortiAuthenticator and FortiManager may allow a privileged system administrator to run OS level commands on the system via injecting commands in SQL queries...

Cayin Digital Signage System xPost 2.5 - Remote Command Injection

Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web...

[SECURITY] Fedora 32 Update: netdata-1.22.1-3.fc32

netdata is the fastest way to visualize metrics. It is a resource efficient, highly optimized system for collecting and visualizing any type of realtime time-series data, from CPU usage, disk activity, SQL queries, API calls, web site visitors, etc. netdata tries to visualize the truth of now, in...

CVE-2020-3184 Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates...