sql injection vulnerabilities and exploits

9
CVSSv2
CVE-2019-11972

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

9
CVSSv2
CVE-2019-11978

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

9
CVSSv2
CVE-2019-11977

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

7.5
CVSSv2
CVE-2019-11768

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature....

4.3
CVSSv2
CVE-2019-9838

VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering....

4.3
CVSSv2
CVE-2019-9839

VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter....

6.8
CVSSv2
CVE-2019-12374

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in...

7.5
CVSSv2
CVE-2017-14854

A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25....

5
CVSSv2
CVE-2017-14852

An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data....

3.5
CVSSv2
CVE-2018-5405

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to...