Search Results (37123 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-12679 1 Cisco 1 Secure Firewall Management Center 2024-11-26 8.8 High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
CVE-2019-12683 1 Cisco 1 Secure Firewall Management Center 2024-11-26 8.8 High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
CVE-2022-20941 1 Cisco 1 Secure Firewall Management Center 2024-11-26 5.3 Medium
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device.
CVE-2019-12680 1 Cisco 1 Secure Firewall Management Center 2024-11-26 8.8 High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
CVE-2019-12684 1 Cisco 1 Secure Firewall Management Center 2024-11-26 8.8 High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
CVE-2022-20744 1 Cisco 1 Secure Firewall Management Center 2024-11-26 6.5 Medium
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization.
CVE-2024-35678 1 Bestwebsoft 1 Contact Form To Db 2024-11-26 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2.
CVE-2024-31252 1 Dfactory 1 Responsive Lightbox \& Gallery 2024-11-26 4.3 Medium
Missing Authorization vulnerability in dFactory Responsive Lightbox.This issue affects Responsive Lightbox: from n/a through 2.4.6.
CVE-2024-11631 2 Angeljudesuarez, Itsourcecode 2 Tailoring Management System, Tailoring Management System 2024-11-26 6.3 Medium
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /expedit.php. The manipulation of the argument expcat leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11646 2 1000 Projects, 1000projects 2 Beauty Parlour Management System, Beauty Parlour Management System 2024-11-26 7.3 High
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11647 2 1000 Projects, 1000projects 2 Beauty Parlour Management System, Beauty Parlour Management System 2024-11-26 7.3 High
A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11648 1 1000projects 1 Beauty Parlour Management System 2024-11-26 7.3 High
A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-customer.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-23352 1 Qualcomm 211 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 208 more 2024-11-26 7.5 High
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
CVE-2024-33565 1 Ukrsolution 1 Barcode Scanner And Inventory Manager 2024-11-26 9.1 Critical
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.
CVE-2023-46353 1 Mypresta 1 Product Tag Icons Pro 2024-11-26 9.8 Critical
In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2024-34435 1 Coderevolution 1 Aiomatic 2024-11-26 4.3 Medium
Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3.
CVE-2024-49574 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-26 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
CVE-2018-0459 1 Cisco 1 Network Functions Virtualization Infrastructure 2024-11-26 N/A
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as a low-privileged user could exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to use the low-privileged user account to reboot or shut down the affected system.
CVE-2018-0460 1 Cisco 1 Network Functions Virtualization Infrastructure 2024-11-26 N/A
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system.
CVE-2018-15405 1 Cisco 1 Ucs Director 2024-11-26 6.5 Medium
A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks.