phpPgAdmin 7.13.0 Command Execution
Exploit Title: phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution Authenticated Date: 29/03/2021 Exploit Author: Valerio Severini Vendor Homepage: Software Link: https://github.com/phppgadmin/phppgadmin/releases/tag/REL7-13-0 Version: 7.13.0 or lower Tested on: Debian 10 and Ubuntu...
Doctor Appointment System SQL Injection Vulnerability (CNVD-2021-39522)
Doctor Appointment System is a PHP/MySQLi based doctor appointment system. A SQL injection vulnerability exists in admin.php in Doctor Appointment System 1.0, which can be exploited to insert a malicious SQL query via the username parameter on the login page...
CVE-2020-27869
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the...
CVE-2021-20016
A SQL injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session-related information. This vulnerability impacts SMA100 build version 10.x...
Sql injection
A SQL injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session-related information. This vulnerability impacts SMA100 build version 10.x...
CVE-2020-15219
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0...
Design/Logic Flaw
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0...
CVE-2020-15219 SQL query displayed on portal error
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0...
CVE-2020-15219
Combodo iTop vulnerable component: when a download error occurs in the user portal, an SQL query is exposed to the user. Root cause: error path reveals internal SQL. Affected versions: iTop before 2.7.2 and before 3.0.0. Impact per sources: potential information disclosure of the query; no exploi...
GaussDB Kernel: Using the Private User Solution
If the control permissions of system administrators for tables need to be isolated from their access permissions, that is, administrators can only perform control operations (DROP, ALTER, and TRUNCATE) on data and cannot perform access operations (INSERT, DELETE, UPDATE, SELECT, and COPY), the privat...
GaussDB Kernel: Checking the Administrator Whose ID Is 10
The system administrator with the ID 10 has the highest database permissions, that is, has all system and object permissions. It is recommended that this user be used only for DBA management instead of service applications. Carefully check the operation records of this system administrator...
GaussDB Kernel: Deleting the Default Username
You are advised not to use a well-known username, for example, postgres. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...
CVE-2020-27481
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query witho...
Silver Peak SD-WAN Bugs Allow for Network Takeover
Silver Peak’s Unity Orchestrator, a software-defined WAN (SD-WAN) management platform, suffers from three remote code-execution security bugs that can be chained together to allow network takeover by unauthenticated attackers. SD-WAN is a cloud-based networking approach used by enterprises and...
openGauss: Enabling the Database Auditing
After a security event occurs, audit logs are used to trace the event, locate faults, and clarify responsibilities. You are advised to set audit_enabled to on.
openGauss: Configuring the Maximum Logging Duration of An Audit Log File
The parameter audit_rotation_interval specifies the maximum logging duration of an audit log file. After the time expires, another audit log file is automatically created.
openGauss: Configuring the Minimum Audit Log File Retention Period
The parameter audit_file_remain_time specifies the minimum period for storing audit logs.
CVE-2020-26211
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...