1492 matches found

BDU FSTEC
added 2023/10/30 12:0 a.m., 4 views

The vulnerability of the lwp_forgot_password function in the “Login with Phone Number” plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the lwp_forgot_password function in the “Login with Phone Number” plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remote...

CVSS: 10, AI score: 8.1, EPSS: 0.57397
Exploits: 2, References: 3, Affected Software: 1

Rosalinux
added 2023/10/21 3:31 p.m., 34 views

Advisory ROSA-SA-2023-2253

software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-21595 BDU-ID: 2022-06420 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the C API component of the MySQL Server database management system due to insufficient input validation. Exploitati...

CVSS: 7.8, AI score: 8, EPSS: 0.02293
Exploits: 11

Prion
added 2023/10/20 8:15 a.m., 31 views

Sql injection

The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's horizontal-scrolling shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS: 6.5, AI score: 8.6, EPSS: 0.00725
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2023/10/19 1:53 a.m., 30 views

CVE-2023-5336 iPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via Shortcode

The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS: 8.8, AI score: 8.8, EPSS: 0.00618
Exploits: 0, References: 3

Hacker One
added 2023/10/17 5:20 p.m., 25 views

Tennessee Valley Authority: internal path disclosure via register error

Vulnerability description not provided...

AI score: 7.1
Exploits: 0

Redos
added 2023/10/09 12:0 a.m., 8 views

ROS-20231009-03

PostgreSQL database management system vulnerability is related to the possibility of SQL injection in extensions, that use quoting constructs @extowner@, @extschema@, or @extschema:...@ inside parentheses dollar quoting, '', or "". Exploitation of the vulnerability could allow an attacker acting...

CVSS: 8.8, AI score: 8.2, EPSS: 0.01572
Exploits: 0

Prion
added 2023/10/04 12:15 p.m., 22 views

Sql injection

SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application...

CVSS: 5, AI score: 7.7, EPSS: 0.00605
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2023/10/03 2:15 p.m., 21 views

CVE-2023-3350

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, whi...

CVSS: 8.2, AI score: 8.4, EPSS: 0.00243
Exploits: 0, References: 1

Prion
added 2023/10/03 2:15 p.m., 21 views

Design/Logic Flaw

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, whi...

CVSS: 5, AI score: 7.8, EPSS: 0.00243
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/10/03 1:26 p.m., 37 views

CVE-2023-3350

CVE-2023-3350 affects IBERMATICA RPS 2019. A cryptographic issue lets an attacker, by downloading a log file, access SQL queries in plaintext and the log contains password hashes encrypted with AES-CBC-128; these hashes can be decrypted via a .NET function to obtain plaintext passwords. The CVSS-...

CVSS: 8.2, AI score: 7.9, EPSS: 0.00243
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/10/03 1:26 p.m., 22 views

CVE-2023-3350 Cryptographic Issues on IBERMATICA RPS

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, whi...

CVSS: 8.2, AI score: 8.6, EPSS: 0.00243
Exploits: 0, References: 1

Vulnrichment
added 2023/10/03 1:26 p.m., 17 views

CVE-2023-3350 Cryptographic Issues on IBERMATICA RPS

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, whi...

CVSS: 8.2, AI score: 7.6, EPSS: 0.00243
Exploits: 0, References: 1

BDU FSTEC
added 2023/09/29 12:0 a.m., 4 views

The vulnerability of the Custom Logo component of the Nagios XI monitoring tool, which allows a hacker to perform cross-site scripting attacks.

The vulnerability of the Custom Logo component of the Nagios XI monitoring tool is related to the lack of measures taken to protect the SQL query structure when processing the alt-text field. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS: 5.5, AI score: 6, EPSS: 0.01984
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2023/09/25 12:0 a.m., 3 views

The vulnerability in the Nagios XI monitoring tool’s script/ncludes/comComponents/ccm/index.php allows an attacker to execute arbitrary code.

The vulnerability in the nagiosxi/includes/comComponents/ccm/index.php script of the Core Configuration Manager monitoring tool for Nagios XI is related to the lack of security measures taken to protect the SQL query structure when processing parameters tfFirstNotif, tfLastNotif, and...

CVSS: 9, AI score: 7.8, EPSS: 0.06058
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2023/09/25 12:0 a.m., 5 views

The vulnerability in the Nagios XI monitoring tool’s script for nagiosxi/admin/banner_message-ajaxhelper.php allows an attacker to disclose protected information.

The vulnerability in the nagiosxi/admin/banner_message-ajaxhelper.php script of Nagios XI relates to the failure to protect the SQL query structure during the processing of the ID parameter. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

CVSS: 6.8, AI score: 6.9, EPSS: 0.13484
Exploits: 2, References: 4, Affected Software: 1

BDU FSTEC
added 2023/09/05 12:0 a.m., 3 views

The vulnerability of the Red Hat Ansible configuration management system lies in the lack of protective measures for SQL query structures, allowing attackers to compromise the integrity and accessibility of protected information.

The vulnerability of the Red Hat Ansible configuration management system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the integrity and accessibility of the protected information by using the...

CVSS: 9, AI score: 5.6
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2023/08/31 2:15 p.m., 3 views

CVE-2023-41640

An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00859
Exploits: 1, References: 3

NVD
added 2023/08/31 2:15 p.m., 16 views

CVE-2023-41640

An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query...

CVSS: 8.8, AI score: 8.4, EPSS: 0.00859
Exploits: 1, References: 2

Prion
added 2023/08/31 2:15 p.m., 23 views

Sql injection

A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query...

CVSS: 7.5, AI score: 9.7, EPSS: 0.00861
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2023/08/31 6:15 a.m., 9 views

Sql injection

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

CVSS: 6.5, AI score: 8.7, EPSS: 0.00619
Exploits: 0, References: 3, Affected Software: 1