CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1303 matches found

Zero Day Initiative•added 2020/04/08 12:0 a.m.•14 views

Advantech WebAccess/NMS single-vlan-info SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the single-vlan-info endpoint. When parsing t...

7.5CVSS1.7AI score0.01263EPSS

Exploits0References1

Zero Day Initiative•added 2020/04/08 12:0 a.m.•15 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

7.5CVSS2.5AI score0.01263EPSS

Exploits0References1

Zero Day Initiative•added 2020/04/08 12:0 a.m.•18 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

7.5CVSS2.6AI score0.01263EPSS

Exploits0References1

Zero Day Initiative•added 2020/04/08 12:0 a.m.•26 views

Advantech WebAccess/NMS Login isAccessDenied SQL Injection Information Disclosure Vulnerability

7.5CVSS2.2AI score0.01263EPSS

Exploits0References1

Zero Day Initiative•added 2020/04/08 12:0 a.m.•9 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

7.5CVSS3.1AI score0.01263EPSS

Exploits0References1

Zero Day Initiative•added 2020/04/08 12:0 a.m.•17 views

Advantech WebAccess/NMS TopogroupeditAction SQL Injection Information Disclosure Vulnerability

7.5CVSS2.2AI score0.01263EPSS

Exploits0References1

Zero Day Initiative•added 2020/04/08 12:0 a.m.•11 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

7.5CVSS1.1AI score0.01263EPSS

Exploits0References1

Zero Day Initiative•added 2020/04/08 12:0 a.m.•15 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

7.5CVSS1.8AI score0.01263EPSS

Exploits0References1

Zero Day Initiative•added 2020/04/08 12:0 a.m.•19 views

Advantech WebAccess/NMS saveBackground SQL Injection Information Disclosure Vulnerability

7.5CVSS2.3AI score0.01263EPSS

Exploits0References1

Zero Day Initiative•added 2020/04/08 12:0 a.m.•18 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

7.5CVSS3.1AI score0.01263EPSS

Exploits0References1

Zero Day Initiative•added 2020/04/08 12:0 a.m.•15 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

7.5CVSS0.9AI score0.01263EPSS

Exploits0References1

NVD•added 2020/04/02 8:15 p.m.•18 views

CVE-2019-19094

Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database...

7.6CVSS7.9AI score0.00935EPSS

Exploits0References1

CVE•added 2020/04/02 7:47 p.m.•61 views

CVE-2019-19094

CVE-2019-19094 affects ABB eSOMS versions 3.9 to 6.0.3 and is caused by lack of input validation for SQL queries in the backend, enabling potential SQL injection. The vulnerability has a high CVSS v3.1 base score of 7.6 (network, low attack complexity, privileges required: low; confidentiality im...

7.6CVSS7.9AI score0.00935EPSS

Exploits0References1Affected Software1

OSV•added 2020/03/31 7:15 p.m.•14 views

CVE-2020-5292

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and...

8.8CVSS8.3AI score

Exploits0References3

NVD•added 2020/03/31 7:15 p.m.•8 views

CVE-2020-5292

8.8CVSS9AI score0.01405EPSS

Exploits0References3

CNVD•added 2020/03/26 12:0 a.m.•1 views

Tribal SITS: Vision Authorization Issue Vulnerability

Tribal SITS: Vision is a higher education student information management system from Tribal UK. An authorization issue vulnerability exists in Tribal SITS: Vision version 9.7.0 that stems from the Uniface TLS Driver not being enabled by default. An attacker can exploit this vulnerability to acces...

8.1CVSS7.6AI score0.01252EPSS

Exploits1References1

Prion•added 2020/03/25 3:15 p.m.•19 views

Authentication flaw

An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. Thi...

6.8CVSS8.7AI score0.01252EPSS

Exploits1References2

CVE•added 2020/03/25 2:18 p.m.•78 views

CVE-2019-19127

CVE-2019-19127 — SITS:Vision 9.7.0 (Tribal SITS) Affected product: standalone SITS:Vision component of Tribal SITS, version 9.7.0 (and possibly related versions). Root cause: default configuration leaves the Uniface TLS Driver disabled, causing unencrypted communications between the client and ba...

8.1CVSS8.7AI score0.01252EPSS

Exploits1References2Affected Software1

Cvelist•added 2020/03/25 2:18 p.m.•22 views

CVE-2019-19127

8.7AI score0.01252EPSS

Exploits1References2

CNVD•added 2020/03/25 12:0 a.m.•3 views

Samsung Mobile Device SQL Injection Vulnerability (CNVD-2020-31556)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. Samsung mobile devices suffer from a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL queries with the help of specially crafted SQL statements...

7.8CVSS8.2AI score0.00166EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by