4 matches found
CVE-2017-14743
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/deviceservice, as demonstrated by reading the admin password...
PT-2022-15647 · Unknown · Sante PACS Server
Name of the Vulnerable Software and Affected Versions: Sante PACS Server version 3.0.4. Description: This issue allows remote attackers to bypass authentication on affected installations. The flaw exists within the processing of calls to the "login endpoint". When parsing the username element, the...
SQL injection
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/deviceservice, as demonstrated by reading the admin password...
CVE-2009-1595
The CVE-2009-1595 issue affects Ignite Realtime Openfire, where the jabber:iq:auth implementation in IQAuthHandler.java on versions before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts by modifying the username element in a passwd_change action. This enable...