Advantech WebAccess/NMS searchDevice SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the searchDevice.action endpoint. When parsin...
Advantech WebAccess/NMS saveBackground SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the saveBackground.action endpoint. When...
Advantech WebAccess/NMS Login isAccessDenied SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the Login.view endpoint. When parsing the...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the setTaskdevice method of the DBUtil class...
Advantech WebAccess/NMS forcedScanDevice SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the forcedScanDevice.action endpoint. When...
Advantech WebAccess/NMS single-vlan-info SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the single-vlan-info endpoint. When parsing t...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getDeviceEvent method of the DBUtil class...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getManagedDeviceById method of the DBUtil...
CVE-2019-19094
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker to perform SQL injection attacks against the backend database...
CVE-2019-19094
CVE-2019-19094 affects ABB eSOMS versions 3.9 to 6.0.3 and is caused by lack of input validation for SQL queries in the backend, enabling potential SQL injection. The vulnerability has a high CVSS v3.1 base score of 7.6 (network, low attack complexity, privileges required: low; confidentiality im...
CVE-2020-5292
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and...
Tribal SITS: Vision Authorization Issue Vulnerability
Tribal SITS: Vision is a higher education student information management system from Tribal UK. An authorization issue vulnerability exists in Tribal SITS: Vision version 9.7.0 that stems from the Uniface TLS Driver not being enabled by default. An attacker can exploit this vulnerability to acces...
Authentication flaw
An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. Thi...
CVE-2019-19127
CVE-2019-19127 — SITS:Vision 9.7.0 (Tribal SITS) Affected product: standalone SITS:Vision component of Tribal SITS, version 9.7.0 (and possibly related versions). Root cause: default configuration leaves the Uniface TLS Driver disabled, causing unencrypted communications between the client and ba...
CVE-2019-19127
An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. Thi...
Samsung Mobile Device SQL Injection Vulnerability (CNVD-2020-31556)
Android is a free and open source operating system from Google based on the Linux kernel without GNU components. Samsung mobile devices suffer from a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL queries with the help of specially crafted SQL statements...
The vulnerability of the ABB eSOMS software for managing production processes, related to input validation errors, allows a perpetrator to execute arbitrary SQL queries against the database of the vulnerable application.
The vulnerability of the ABB eSOMS software for managing production processes is related to input validation errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL queries against the database of the vulnerable application...
CVE-2020-3154
A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this...
SQL injection
A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this...