
CVE-2020-15792

A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack.


Related news

CVE-2022-29539: Vulnerability Research & Advisor

resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907