7 matches found

NVD
added 2022/12/25 5:15 a.m., 9 views

CVE-2022-44014

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...

CVSS: 6.5, EPSS: 0.00337
Exploits: 3, References: 1
Prion
added 2022/12/25 5:15 a.m., 8 views

Design/Logic Flaw

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...

CVSS: 4, AI score: 6.7, EPSS: 0.00337
Exploits: 3, References: 1, Affected Software: 1
Vulnrichment
added 2022/12/25 12:00 a.m., 5 views

CVE-2022-44014

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...

AI score: 7.8, EPSS: 0.00337
Exploits: 3, References: 1
CVE
added 2022/12/25 12:00 a.m., 49 views

CVE-2022-44014

Summary: CVE-2022-44014 affects Simmeth Lieferantenmanager (pre-5.6). The API design flaw in /DS/LM_API/api/SelectionService/GetPaggedTab allows a user to fetch arbitrary SQL tables, leaking all user passwords and MSSQL hashes. The issue originates from the API’s access control/validation, enabli...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00337
Exploits: 3, References: 1, Affected Software: 1
Fedora
added 2014/12/15 4:35 a.m., 19 views

[SECURITY] Fedora 21 Update: castor-1.3.3-1.fc21

Castor is an open source data binding framework for Java. It's basically the shortest path between Java objects, XML documents and SQL tables. Castor provides Java to XML binding, Java to SQL persistence, and more...

CVSS: 4.3, AI score: 2.7, EPSS: 0.03627
Exploits: 3
OpenVAS
added 2011/06/01 12:00 a.m., 13 views

Nmap NSE net: ms-sql-tables

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.3
Exploits: 0
Cvelist
added 2009/04/28 4:00 p.m., 13 views

CVE-2008-6760

ViArt Shop aka Shopping Cart 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cartsave.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a userid parameter...

AI score: 7, EPSS: 0.00217
Exploits: 1, References: 4