PT-2022-15647 · Unknown · Sante Pacs Server

Name of the Vulnerable Software and Affected Versions: Sante PACS Server version 3.0.4 Description: This issue allows remote attackers to bypass authentication on affected installations. The flaw exists within the processing of calls to the "login endpoint". When parsing the username element, the...

CVE-2022-30619

Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the...

Advantech iView set_useraccount UserName SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint,...

Advantech iView addDeviceTreeItem SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet...

Advantech iView exportInventoryTable SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet...

Advantech iView setTaskMgrItem SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When...

Advantech iView retrieveAllTaskMgrUpdateItems sort_field/sort_type SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When...

Advantech iView performSearchDevice SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When...

Advantech iView findCfgDeviceListDetailsExport segment SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When...

CVE-2022-30619

Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the...

WordPress Cube Slider plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. The WordPress Cube Slider plugin 1.2 and earlier versions are vulnerable to SQL injection, which...

EulerOS 2.0 SP3 : log4j (EulerOS-SA-2022-1744)

According to the versions of the log4j package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...

Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport clas...

USN-4781-1: Slurm vulnerabilities

It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. CVE-2016-10030 It was discovered that Slurm mishandled SPAN...

USN-4781-1 slurm-llnl vulnerabilities

It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. CVE-2016-10030 It was discovered that Slurm mishandled SPAN...

Django database denial-of-service with ModelMultipleChoiceField

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when showhiddeninitial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries...

GHSA-6G95-X6CJ-MG4V Django database denial-of-service with ModelMultipleChoiceField

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when showhiddeninitial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries...

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-36031)

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. A SQL...

Sql injection

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerTCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-26651

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The funcodbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. Th...