| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code. |
| An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code. |
| In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. |
| Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. |
| The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. |
| The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. |
| An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message. |
| A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. |
| In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. |
| A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee. |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. |