937 matches found
CVE-2022-28813 SQL-injection in Car Park Server 3.0 allows for full database access.
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device...
CVE-2022-23767
This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereb...
Path traversal
This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereb...
CVE-2022-23767
The CVE-2022-23767 entry concerns SecureGate with two identified weaknesses: a SQL injection via login without a password and a path traversal during file transfer. Across connected sources, the vulnerabilities affect SecureGate/WebLink implementations (e.g., SecureGate version 3.x in several rep...
CVE-2022-23767 SecureGate authentication bypass vulnerability
This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereb...
CVE-2022-23767 SecureGate authentication bypass vulnerability
This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereb...
CVE-2022-38118
OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service...
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel SQL Injection Vulnerability
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel is a user registration and login system with an administrative panel from EGavilan Media. EGavilan Media User-Registration -and-Login-System-With-Admin-Panel version 1.0 contains a SQL injection vulnerability, which stems from...
Critical Sophos Security Bug Allows RCE on Firewalls
Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution. The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects versio...
WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...
WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated)
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...
WordPress Secure Copy Content Protection and Content Locking 2.8.1 Plugin - SQL-Injection Exploit
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link: https://downloads.wordpress.org/plugin/secure-copy-content-protection.2.8.1.zip...
Wordpress 404 to 301 2.0.2 Plugin - SQL Injection (Authenticated) Exploit
Exploit Title: Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://de.wordpress.org/plugins/404-to-301/ Software Link: https://downloads.wordpress.org/plugin/404-to-301.2.0.2.zip Version: = 2.0.2 Tested on: Ubuntu 20.04 CV...
WordPress 404 To 301 2.0.2 SQL Injection
Exploit Title: Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection Authenticated Date 30.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://de.wordpress.org/plugins/404-to-301/ Software Link: https://downloads.wordpress.org/plugin/404-to-301.2.0.2.zip Version: = 2.0.2 Tested on:...
CVE-2022-22055
The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service...
SAP Kicks Log4Shell Vulnerability Out of 20 Apps
SAP has identified 32 apps that are affected by CVE-2021-44228 – the critical vulnerability in the Apache Log4j Java-based logging library that’s been under active attack since last week. As of yesterday, Patch Tuesday, the German software maker reported that it’s already patched 20 of those apps...
Simple Forum-Discussion System 1.0 SQL Injection Vulnerability
Simple Forum-Discussion System 1.0 Vendor Description: Multiple SQL-Injections are found on Simple Forum-Discussion System 1.0 For example on three applications which are managetopic.php, manageuser.php, and ajax.php. The attacker can be retrieving all information from the database of this system...
CVE-2021-43141
Cross Site Scripting XSS vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in planapplication. Recent assessments: nu11secur1ty at November 20, 2021 8:47am UTC reported: CVE-2021-43141 Vendor Description: Cross-Site Scripting XSS vulnerability exists in...
CVE-2021-26609
A vulnerability was found in MangboardWordPress plugin. A SQL-Injection vulnerability was found in ordertype parameter. The ordertype parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information...
CVE-2021-26609 WordPress Mangboard SQL-Injection vulnerability
A vulnerability was found in MangboardWordPress plugin. A SQL-Injection vulnerability was found in ordertype parameter. The ordertype parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information...