1300 matches found
CVE-2017-3183
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determine...
Design/Logic Flaw
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determine...
Sql injection
Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this...
Oracle WebCenter FatWire Content Server 7 - Improper Access Control
Oracle WebCenter FatWire Content Server 7 - Improper Access Control Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 =...
Advantech WebAccess Node BWSCADASoap GetUnackAlarms SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Advantech WebAccess Node BWSCADASoap GraphList SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Advantech WebAccess Node BWSCADASoap GetAlarmsByPage SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Advantech WebAccess Node Quality ItemIdAry SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within Quality.asp. When parsing the ItemIdAry parameter, the process does n...
SQL Injection
sql is vulnerable to SQL Injection. The library does not properly escape parameters before executing SQL queries, allowing a malicious user to inject and execute arbitrary SQL queries...
Trend Micro Smart Protection Server BWListMgmt SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Smart Protection Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of parameters provided to wcs\bwlists\handler.php. The...
CVE-2018-5340
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account specifically, an account with permission to write to the filesystem via SQL queries...
Sql injection
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account specifically, an account with permission to write to the filesystem via SQL queries...
CVE-2018-5340
CVE-2018-5340 affects Zoho ManageEngine Desktop Central versions 10.0.124 and 10.0.184. The issue is that a superuser account (with permission to write to the filesystem via SQL queries) can access the database and potentially perform write operations to the filesystem. The CNVD entry explicitly ...
Tuleap 'CVE-2018-7538' SQLi Vulnerability
Tuleap is prone to an SQL injection SQLi vulnerability in the tracker functionality. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
CVE-2017-17657
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue result...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method requests. The issue result...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue resul...
CVE-2017-17652
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results fr...
CVE-2017-17422
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from...