CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

85 matches found

NVD•added 2022/12/13 4:15 p.m.•7 views

CVE-2022-43724

A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xpcmdshell feature unauthenticated remote attackers could execute custom OS commands. At...

9.8CVSS0.00678EPSS

Exploits0References1

Prion•added 2022/12/13 4:15 p.m.•10 views

Design/Logic Flaw

7.5CVSS9.7AI score0.00678EPSS

Exploits0References1Affected Software1

CVE•added 2022/12/13 12:0 a.m.•51 views

CVE-2022-43724

CVE-2022-43724 affects Siemens SICAM PAS/PQS prior to V7.0. The vulnerability arises because the software transmits database credentials for the built-in SQL server in cleartext, and with default-enabled xp_cmdshell, an unauthenticated remote attacker could execute arbitrary OS commands. The issu...

9.8CVSS9.7AI score0.00678EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/12/13 12:0 a.m.•8 views

CVE-2022-43724

9.9AI score0.00678EPSS

Exploits0References1

CNVD•added 2022/11/21 12:0 a.m.•13 views

Simmeth System Supplier Manager SQL Injection Vulnerability

Simmeth System Supplier Manager is a supply chain software from Simmeth System GmbH, Germany.A SQL injection vulnerability exists in versions prior to Simmeth System GmbH Supplier Manager 5.6. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...

9.8CVSS9.9AI score0.00857EPSS

Exploits3References1

CNNVD•added 2022/11/15 12:0 a.m.•1 views

Simmeth System Supplier Manager SQL注入漏洞

9.8CVSS8.3AI score0.00857EPSS

Exploits3References4

Kitploit•added 2022/02/04 8:30 p.m.•114 views

SQLRecon - A C# MS SQL Toolkit Designed For Offensive Reconnaissance And Post-Exploitation

A C MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. For detailed usage information on each technique, refer to the wiki. Usage You can grab a copy of SQLRecon from the releases page. Alternatively, feel free to compile the solution yourself This should be as straight...

7.9AI score

Exploits0References6

OSV•added 2021/10/22 10:15 p.m.•0 views

CVE-2021-42258

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID aka username parameter. Successful exploitation can include...

9.8CVSS6.3AI score0.94099EPSS

Exploits3References2

Prion•added 2021/10/22 10:15 p.m.•23 views

Sql injection

6.8CVSS10AI score0.94099EPSS

Exploits3References1Affected Software1

Cvelist•added 2021/10/22 9:25 p.m.•24 views

CVE-2021-42258

10AI score0.94099EPSS

Exploits3References1

CVE•added 2021/10/22 9:25 p.m.•1062 views

CVE-2021-42258

BillQuick Web Suite SQL Injection (CVE-2021-42258) affects BEQ BillQuick Web Suite 2018–2021 prior to 22.0.9.1. The vulnerability is an SQL injection in the txtID/username parameter that enables unauthenticated remote code execution, including the potential to run code as MSSQLSERVER$ via xp_cmds...

9.8CVSS9.9AI score0.94099EPSS

In wildExploits3References2Affected Software1

ATTACKERKB•added 2021/08/24 12:15 p.m.•1 views

CVE-2021-36385

A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe aka U+FF07 in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xpcmdshell...

10CVSS6.4AI score0.03461EPSS

Exploits0References4

Prion•added 2021/08/24 12:15 p.m.•9 views

Sql injection

10CVSS9.9AI score0.03461EPSS

Exploits0References3Affected Software1

OSV•added 2020/08/17 2:15 p.m.•1 views

CVE-2020-12606

An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xpcmdshell stored...

9.8CVSS7.5AI score0.03636EPSS

Exploits0References1

Prion•added 2020/08/17 2:15 p.m.•9 views

Sql injection

7.5CVSS9.7AI score0.03636EPSS

Exploits0References1Affected Software1

Cvelist•added 2020/08/17 1:17 p.m.•13 views

CVE-2020-12606

9.8AI score0.03636EPSS

Exploits0References1

Packet Storm•added 2019/02/21 12:0 a.m.•55 views

Nuuo Central Management SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Authenticated SQL Server SQLi', 'Description' = %q The Nuuo Central Management Server allows an authenticated user to que...

7.5CVSS0.5AI score0.66827EPSS

Exploits5

Packet Storm•added 2018/03/29 12:0 a.m.•29 views

Square 9 GlobalForms 6.2.x Blind SQL Injection

Blind SQL Injection in Square 9 GlobalForms = 6.2.x CVE-2018-8820 Product Description GlobalFormsAr is Square 9as powerful web forms product. GlobalForms can live separate of GlobalSearch and runs on a separate Web Engine. Vulnerability Type Blind SQL injection Vulnerability Description Square 9...

7.7AI score0.08166EPSS

Exploits3

Prion•added 2018/03/28 8:29 p.m.•7 views

Sql injection

An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xpcmdshell. In some cases, the...

6CVSS7.9AI score0.08166EPSS

Exploits3References1Affected Software1

NVD•added 2018/03/28 8:29 p.m.•9 views

CVE-2018-8820

7.5CVSS7.8AI score0.08166EPSS

Exploits3References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by