Export limit exceeded: 18013 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18013 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21933 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21932 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21931 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21930 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21929 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21928 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21927 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter. | ||||
| CVE-2021-21926 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter. | ||||
| CVE-2021-21925 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter. | ||||
| CVE-2021-21924 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter. | ||||
| CVE-2021-21923 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.9 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery. | ||||
| CVE-2021-21922 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery. | ||||
| CVE-2021-21921 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.9 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery. | ||||
| CVE-2021-21920 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.9 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery. | ||||
| CVE-2021-21919 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.9 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. | ||||
| CVE-2021-21918 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.9 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. | ||||
| CVE-2021-21917 | 1 Advantech | 1 R-seenet | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21916 | 1 Advantech | 1 R-seenet | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21915 | 1 Advantech | 1 R-seenet | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21465 | 1 Sap | 1 Business Warehouse | 2024-11-21 | 9.9 Critical |
| The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system. | ||||