Show filters
511 topics marked with the following tags:
Displaying 31-40 of 511
Sort by:
Attacker Value
Moderate
CVE-2023-37679
Disclosure Date: August 03, 2023 (last updated October 08, 2023)
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
2
Attacker Value
Moderate
CVE-2022-31661
Disclosure Date: August 05, 2022 (last updated October 08, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
1
Attacker Value
Low
CVE-2020-9268
Disclosure Date: February 18, 2020 (last updated October 06, 2023)
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
0
Attacker Value
High
CVE-2021-26295
Disclosure Date: March 22, 2021 (last updated November 08, 2023)
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
3
Attacker Value
Low
CVE-2023-0297
Disclosure Date: January 14, 2023 (last updated October 08, 2023)
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
1
Attacker Value
Low
CVE-2020-9269
Disclosure Date: February 18, 2020 (last updated October 06, 2023)
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
0
Attacker Value
High
CVE-2023-21932
Disclosure Date: April 18, 2023 (last updated October 08, 2023)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V…
2
Attacker Value
High
CVE-2020-35846
Disclosure Date: December 30, 2020 (last updated October 07, 2023)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
3
Attacker Value
Very High
© 2021 Rupee Invoice System - Mayuri K | Designed by : Mayurik K is vulnerable …
Last updated September 21, 2021
The © 2021 Rupee Invoice System - Mayuri K | Designed by : Mayurik K is vulnerable to remote SQL-Injection-Bypass-Authentication.
remote SQL-Injection-Bypass-Authentication: https://portswigger.net/support/using-sql-injection-to-bypass-authentication.
The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.
When the user will sending a malicious query or malicious payload to the MySQL server for those three accounts, he can bypass the login credentials and take control of admin account.
1
Attacker Value
Very High
CVE-2019-16662
Disclosure Date: October 28, 2019 (last updated October 06, 2023)
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
1