Tennessee Valley Authority: internal path disclosure via register error
Vulnerability description not provided...
ROS-20231009-03
The vulnerability in the PostgreSQL database management system is related to possible SQL injection in extensions that use @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). Exploitation of the vulnerability could allow an attacker acting...
SQL injection
SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application...
CVE-2023-3350
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plaintext. This log file contains the password hashes coded with the AES-CBC-128 bits algorithm, whi...
Design/Logic Flaw
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plaintext. This log file contains the password hashes coded with the AES-CBC-128 bits algorithm, whi...
CVE-2023-3350 Cryptographic Issues on IBERMATICA RPS
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plaintext. This log file contains the password hashes coded with the AES-CBC-128 bits algorithm, whi...
CVE-2023-3350
CVE-2023-3350 affects IBERMATICA RPS 2019. A cryptographic issue lets an attacker, by downloading a log file, access SQL queries in plaintext and the log contains password hashes encrypted with AES-CBC-128; these hashes can be decrypted via a .NET function to obtain plaintext passwords. The CVSS-...
CVE-2023-3350 Cryptographic Issues on IBERMATICA RPS
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plaintext. This log file contains the password hashes coded with the AES-CBC-128 bits algorithm, whi...
CVE-2023-41640
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query...
CVE-2023-41640
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query...
SQL injection
A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query...
SQL injection
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2023-41640
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query...
CVE-2023-41640
CVE-2023-41640 affects GruppoSCAI RealGimm 1.1.37p38, specifically the ErroreNonGestito.aspx component. The vulnerability is due to improper error handling, enabling an attacker to obtain sensitive technical information through a crafted SQL query. The issue is documented across multiple feeds (N...
PT-2023-28018 · Grupposcai · Realgimm
Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38 Description: An improper error handling issue in the ErroreNonGestito.aspx component allows attackers to obtain sensitive technical information via a crafted SQL query. Recommendations: For GruppoSCAI...
SQL injection
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...
Nextcloud: Error when editing a calendar appointment returns stacktrace and query
A vulnerability was found where editing a calendar appointment and changing the ID to a non-existent value returned an error exposing internal server paths and an SQL query. The issue allowed disclosure of sensitive information...
PT-2023-21753 · Tigergraph · Tigergraph Enterprise
Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0 Description: An issue was discovered in the GSQL query language, which allows users to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable v...
CVE-2022-48600
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48594
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...