Search Results (37038 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-37435 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37434 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37433 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37432 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37431 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37430 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37429 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2024-11-21 6.5 Medium
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
CVE-2023-37394 2 Deepak Anand, Wp Dummy Content Generator Project 2 Wp Dummy Content Generator, Wp Dummy Content Generator 2024-11-21 5.3 Medium
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 2.3.0.
CVE-2023-37376 1 Siemens 1 Tecnomatix 2024-11-21 7.8 High
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)
CVE-2023-37367 1 Samsung 24 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 21 more 2024-11-21 5.3 Medium
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages.
CVE-2023-37361 1 Vanderbilt 1 Redcap 2024-11-21 2.7 Low
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
CVE-2023-37278 1 Glpi-project 1 Glpi 2024-11-21 6.8 Medium
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9.
CVE-2023-37270 1 Piwigo 1 Piwigo 2024-11-21 7.6 High
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.
CVE-2023-37258 1 Dataease 1 Dataease 2024-11-21 8.8 High
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.
CVE-2023-37197 1 Schneider-electric 1 Struxureware Data Center Expert 2024-11-21 8.8 High
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE.
CVE-2023-37196 1 Schneider-electric 1 Struxureware Data Center Expert 2024-11-21 8.8 High
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE.
CVE-2023-37165 1 Millhouse-project Project 1 Millhouse-project 2024-11-21 9.8 Critical
Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php.
CVE-2023-37069 1 Online Hospital Management System Project 1 Online Hospital Management System 2024-11-21 9.8 Critical
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVE-2023-37068 1 Sherlock 1 Gym Management System 2024-11-21 9.8 Critical
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.
CVE-2023-37049 1 Emlog 1 Emlog 2024-11-21 6.5 Medium
emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.