1492 matches found

NVD
added 2023/03/29 7:15 p.m., 11 views

CVE-2022-42424

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

8.8 CVSS, 8.1 AI score, 0.76134 EPSS
Exploits 0, References 1

OSV
added 2023/03/29 7:15 p.m., 4 views

CVE-2022-36976

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can levera...

9.8 CVSS, 6 AI score, 0.06534 EPSS
Exploits 0, References 2

Vulnrichment
added 2023/03/29 12:0 a.m., 12 views

CVE-2022-42424

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

7.2 CVSS, 8.9 AI score, 0.76134 EPSS
Exploits 0, References 1

Vulnrichment
added 2023/03/29 12:0 a.m., 12 views

CVE-2022-42428

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

7.2 CVSS, 8.9 AI score, 0.0287 EPSS
Exploits 0, References 1

Vulnrichment
added 2023/03/29 12:0 a.m., 10 views

CVE-2022-42425

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

7.2 CVSS, 8.9 AI score, 0.76134 EPSS
Exploits 0, References 1

NVD
added 2023/03/21 3:15 p.m., 12 views

CVE-2023-27871

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

7.5 CVSS, 7.5 AI score, 0.00903 EPSS
Exploits 0, References 2

Prion
added 2023/03/21 3:15 p.m., 25 views

Code injection

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

5 CVSS, 7.5 AI score, 0.00903 EPSS
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2023/03/21 2:29 p.m., 8 views

CVE-2023-27871 IBM Aspera Faspex information disclosure

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

7.5 CVSS, 7.4 AI score, 0.00903 EPSS
Exploits 0, References 2

Cvelist
added 2023/03/21 2:29 p.m., 15 views

CVE-2023-27871 IBM Aspera Faspex information disclosure

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

7.5 CVSS, 7.5 AI score, 0.00903 EPSS
Exploits 0, References 2

CVE
added 2023/03/21 2:29 p.m., 62 views

CVE-2023-27871

CVE-2023-27871 affects IBM Aspera Faspex 4.4.2. A remote attacker could obtain sensitive credential information for an external user via a specially crafted SQL query, indicating an SQL injection in Faspex’s handling of external input. The related Red Hat/NCSC entries and IBM security bulletin co...

7.5 CVSS, 7.4 AI score, 0.00903 EPSS
Exploits 0, References 2, Affected Software 1

Prion
added 2023/03/20 4:15 p.m., 20 views

Code injection

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query...

6.5 CVSS, 8.9 AI score, 0.05141 EPSS
Exploits 3, References 1, Affected Software 1

Prion
added 2023/03/20 4:15 p.m., 24 views

Code injection

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query...

6.5 CVSS, 8.9 AI score, 0.60452 EPSS
Exploits 2, References 1, Affected Software 1

BDU FSTEC
added 2023/03/06 12:0 a.m., 2 views

The vulnerability of the application programming interface of the IAM and SSO Casdoor platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the application programming interface of the IAM and SSO Casdoor platform relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected...

7.8 CVSS, 7.3 AI score, 0.58927 EPSS
Exploits 9, References 5, Affected Software 1

Veracode
added 2023/02/20 8:26 p.m., 17 views

SQL Injection

webbuilders-group/silverstripe-kapost-bridge is vulnerable to SQL Injection. The vulnerability exists due to improper sanitization in the database and table name designer feature, allowing an attacker to submit arbitrary SQL queries, resulting in Information Disclosure...

9.8 CVSS, 9.3 AI score, 0.00667 EPSS
Exploits 0, References 5, Affected Software 1

GithubExploit
added 2023/02/18 3:23 p.m., 375 views

Exploit for SQL Injection in Reputeinfosystems Bookingpress

CVE-2022-0739 BookingPress 1.0.11 - Unauthenticated SQL Inj...

9.8 CVSS, 9.6 AI score, 0.37171 EPSS
Exploits 11

SUSE CVE
added 2023/02/15 6:15 a.m., 3 views

SUSE CVE-2006-1804

SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sqlquery parameter...

7.5 CVSS, 8.8 AI score, 0.01462 EPSS
Exploits 1, References 4

SUSE CVE
added 2023/02/15 5:5 a.m., 4 views

SUSE CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

6.1 CVSS, 6.3 AI score, 0.03109 EPSS
Exploits 0, References 3

Veracode
added 2023/02/06 5:40 a.m., 20 views

Information Disclosure

froxlor/froxlor is vulnerable to Information Disclosure. A remote attacker is able to gain access to unauthorized user data via a failed prepared SQL query due to an unchecked error condition, resulting in the disclosure of sensitive information...

5.3 CVSS, 5.9 AI score, 0.00667 EPSS
Exploits 1, References 4, Affected Software 1

CNNVD
added 2023/02/06 12:0 a.m., 4 views

WordPress plugin SiteGround Security SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

8.8 CVSS, 8.1 AI score, 0.17992 EPSS
Exploits 2, References 4

hivepro
added 2023/02/01 4:9 a.m., 26 views

QNAP addresses a vulnerability in NAS devices

Threat Level Vulnerability Report. Summary: QNAP has released updates to address a security flaw in its network-attached storage (NAS) devices that allows arbitrary code injection. This vulnerability enables a remote attacker to run any SQL...

3.3 AI score, 0.02663 EPSS
Exploits 0