Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93825)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanin...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93824)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanin...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93830)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-90863)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-90860)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...

Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingsDaoImpl class. A...

Man-in-the-Middle (MitM)

postgresql is vulnerable to man-in-the-middle attacks. A man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first created when the server is configured to use trust authentication with a 'clientcert' requirement or to utilize 'cert' authentication...

SQL Injection in cacti/cacti

Description SQL Injection vulnerability occurs because the input taken from parameters is not sanitized for SQL Injection statement in useradmin.php useradmin.php:84 updatepolicies function contains sql injection vulnerability getnfilterrequestvar function takes get/post parameter without...

Ubuntu 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-5145-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5145-1 advisory. Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly u...

Debian DLA-2817-1 : postgresql-9.6 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2817 advisory. Jacob Champion discovered two vulnerabilities in the PostgreSQL database system, which could result in man-in-the-middle attacks. For Debian 9 stretch, these...

USN-5145-1: PostgreSQL vulnerabilities

Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established...

CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...

CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...

CVE-2021-28022

CVE-2021-28022 affects ServiceTonic Helpdesk software prior to 9.0.35937. The root cause is a blind SQL injection in the login form, allowing an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. Affected product: ServiceTonic Helpdesk. Impact stated i...

CVE-2021-34684

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...

CVE-2021-34684

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...

Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection Vulnerability

Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added, Pentaho makes a HTTP request to the dashboards editor /pentaho/api/repos/dashboards/editor in order to test the connectio...

SQL Injection

dolphinScheduleris is vulnerable to SQL injection. The vulnerability exists due to lack of sanitization of user input in data source center, allowing authorized malicious users to inject and execute arbitrary SQL Queries...

CVE-2021-41154

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144,...

CVE-2021-41147

CVE-2021-41147 affects Tuleap Open ALM. An attacker with admin rights in a single agile dashboard service can execute arbitrary SQL queries, impacting Community Edition < 11.16.99.173 and Enterprise Edition < 11.16-6 /