CyberSecurityBoard
Sponsor Register Login

CVE-2024-4547

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field

Publication date: Mon, 06 May 2024 19:15:00 +0000


Cyber News related to CVE-2024-4547

CVE-2021-47092 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
6 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
CVE-2024-4547 - A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated ...
11 months ago
CVE-2011-4547 - Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) ...
7 years ago
CVE-2011-4567 - Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to ...
7 years ago
CVE-2013-4547 - nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. ...
3 years ago
CVE-2010-4547 - IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass ...
14 years ago
CVE-2014-4547 - Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for ...
10 years ago
CVE-2016-4547 - Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. ...
8 years ago
CVE-2005-4547 - Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q parameter, as used by the Keyword and Search fields. ...
7 years ago
CVE-2009-4547 - Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php. ...
7 years ago
CVE-2012-4547 - Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors. Per http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awredir.pl?r11.13&r21.14 this vulnerability has been scored as XSS. ...
7 years ago
CVE-2008-4547 - Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote attackers to execute arbitrary code via a long second argument to the TimeSpanFormat method. ...
7 years ago
CVE-2007-4547 - Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information ...
6 years ago
CVE-2006-4547 - Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a ...
6 years ago
CVE-2019-14312 - Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename../ URI. ...
5 years ago
CVE-2019-4547 - IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949. ...
4 years ago
CVE-2020-4547 - IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions ...
4 years ago
CVE-2015-4547 - EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file. ...
3 years ago
CVE-2022-4547 - The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users ...
2 years ago
CVE-2023-4547 - A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross ...
1 year ago
CVE-2018-4547 - ** REJECT ** This candidate is unused by its CNA. ...
1 year ago
CVE-2017-4547 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)