1299 matches found
CVE-2024-4215 The Multi Factor Authentication bypass vulnerability in pgAdmin 4
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password to authenticate to the application and perform sensitive actions within the application, such as managing files an...
CVE-2024-29968
CVE-2024-29968 is a vulnerability in Brocade SANnav prior to 2.3.1 and 2.3.0a where, when configured in disaster recovery mode, DR standby data is collected in Supportsave. This information disclosure could allow authenticated users to access the database structure and contents (SQL table/column ...
CVE-2024-29968 SQL Table names, column names, and SQL queries are collected in DR standby Supportsave
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access...
SQL Table names, column names, and SQL queries are collected in DR standby Supportsave (CVE-2024-29968)
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access...
CVE-2024-1601
An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...
CVE-2024-1601 SQL Injection in parisneo/lollms-webui
An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...
CVE-2023-50347
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...
CVE-2023-50347 Insecure SQL Interface affects HCL DRYiCE MyXalytics
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...
HCL Technologies DRYiCE MyXalytics Security Vulnerability
HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics. An attacker exploiting the vulnerability is able to execute custom SQL queries...
Arista NG Firewall ReportEntry SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a...
WordPress Plugin Appointment Booking Calendar Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
SQL Injection
Centreon is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied strings before using them to construct SQL queries, specifically within the updateDirectory function. An attacker can leverage this vulnerability to execute code in the context of the service...
SQL Injection
Centreon is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied strings before using them to construct SQL queries, specifically within the updateLCARelation function. An attacker can leverage this vulnerability to execute code in the context of the servi...
SQL Injection
Centreon is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied strings before using them to construct SQL queries, specifically within the updateContactServiceCommands function. An attacker can leverage this vulnerability to execute code in the context o...
CVE-2023-36645
SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function...
CVE-2023-36645
The CVE-2023-36645 entry concerns ITB-GmbH TradePro v9.5 with a SQL injection via the oordershow component in the customer function. Connected PT-2024-12574 details show the root cause as an access-control weakness allowing remote exploitation to execute SQL queries. Affects ITB-GmbH TradePro 9.5...
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateLCARelation...