74 matches found

CNVD
added 2022/03/23 12:0 a.m., 34 views

Moodle SQL Injection Vulnerability (CNVD-2022-25190)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A SQL injection vulnerability exists in Moodle versions 3.9.0 through 3.11.5, which stems from insufficient sanitization of user-supplied da...

CVSS 8.8, AI score 7.8, EPSS 0.0039
Exploits 0, References 1

CNVD
added 2022/03/02 12:0 a.m., 9 views

Fortinet FortiWLM SQL Injection Vulnerability (CNVD-2022-50953)

Fortinet FortiWLC is a wireless LAN controller from Fortinet, Inc. A SQL injection vulnerability exists in Fortinet FortiWLC, which stems from insufficient sanitization of user-supplied data in the AP monitoring handler, and could be exploited to send specially crafted requests to affected...

CVSS 8.8, AI score 2.4, EPSS 0.00512
Exploits 0, References 1

OSV
added 2021/11/30 2:15 p.m., 7 views

CVE-2021-41679

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter...

CVSS 9.8, AI score 8
Exploits 0, References 1

Cvelist
added 2021/08/03 12:30 p.m., 14 views

CVE-2021-37832

A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter...

AI score 10, EPSS 0.1308
Exploits 3, References 2

CNVD
added 2020/05/08 12:0 a.m., 1 views

Gira TKS-IP-Gateway Path Traversal Vulnerability

Gira TKS-IP-Gateway is a network communication gateway product from Gira Germany. A path traversal vulnerability exists in Gira TKS-IP-Gateway version 4.0.7.7. An attacker could exploit the vulnerability to download an application database...

CVSS 9.8, AI score 6.8, EPSS 0.01354
Exploits 1, References 1

NVD
added 2020/05/07 9:15 p.m., 5 views

CVE-2020-10794

Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access...

CVSS 9.8, AI score 7.2, EPSS 0.01354
Exploits 1, References 1

BDU FSTEC
added 2020/03/20 12:0 a.m., 2 views

The vulnerability of the ABB eSOMS software for managing production processes, related to input validation errors, allows a perpetrator to execute arbitrary SQL queries against the database of the vulnerable application.

The vulnerability of the ABB eSOMS software for managing production processes is related to input validation errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL queries against the database of the vulnerable application...

CVSS 9, AI score 7.6, EPSS 0.0035
Exploits 0, References 3, Affected Software 1

Prion
added 2018/10/18 10:29 p.m., 14 views

Design/Logic Flaw

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain...

CVSS 2.1, AI score 7.7, EPSS 0.00055
Exploits 0, References 3, Affected Software 1

CVE
added 2018/10/18 10:0 p.m., 44 views

CVE-2018-11079

CVE-2018-11079 affects Dell EMC Secure Remote Services (ESRS) prior to 3.32.00.08. The vulnerability is plaintext storage of database credentials in a configuration file, allowing an authenticated user with access to that file to obtain the password and gain access to the application database. Se...

CVSS 7.8, AI score 7.7, EPSS 0.00055
Exploits 0, References 3, Affected Software 1

CNVD
added 2018/10/17 12:0 a.m., 3 views

Dell EMC ESRS Virtual Edition Plaintext Password Storage Vulnerability

Dell EMC ESRS is a secure storage product from Dell. A plaintext password storage vulnerability exists in Dell EMC ESRS Virtual Edition that originates when database credentials are stored in plaintext in a configuration file. An authenticated, malicious user with access to the configuration file...

CVSS 7.8, AI score 6.5, EPSS 0.00055
Exploits 0, References 1

NVD
added 2018/09/07 10:29 p.m., 11 views

CVE-2018-9283

An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billingaddress-address, billingaddress-zipcode, billingaddress-city, billingaddress-department, shippingaddress-address, shippingaddress-zipcode,...

CVSS 5.4, AI score 5.4, EPSS 0.00251
Exploits 1, References 1

Prion
added 2018/09/07 10:29 p.m., 9 views

Cross site scripting

An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billingaddress-address, billingaddress-zipcode, billingaddress-city, billingaddress-department, shippingaddress-address, shippingaddress-zipcode,...

CVSS 3.5, AI score 5.2, EPSS 0.00251
Exploits 1, References 1, Affected Software 1

CNVD
added 2017/10/09 12:0 a.m., 2 views

OpenText Document Sciences xPression SQL Injection Vulnerability (CNVD-2017-33295)

OpenText Document Sciences xPression (formerly known as EMC Document Sciences xPression) is a document output management and customer communication solution from OpenText Canada. The solution integrates an organization's Customer Relationship Management (CRM), Enterprise Content Management (ECM), and...

CVSS 8.8, AI score 8.8, EPSS 0.00329
Exploits 6, References 1

Packet Storm
added 2017/09/29 12:0 a.m., 45 views

OpenText Document Sciences xPression 4.5SP1 Patch 13 SQL Injection

Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection
Author: Marcin Woloszyn
Date: 27. September 2017
CVE: CVE-2017-14757
Affected Software: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression)
Exploit was...

AI score 0.6, EPSS 0.00329
Exploits 6

CNVD
added 2017/08/21 12:0 a.m., 2 views

Philips' DoseWise Portal Hardcoding Vulnerability

Philips' DoseWise Portal is a web-based reporting and tracking tool for radiation exposure. A hard-coded vulnerability exists in Philips' DoseWise Portal. An attacker exploiting this vulnerability would first require elevated privileges in order for the attacker to access web application back-end...

CVSS 9.1, AI score 9.4, EPSS 0.00966
Exploits 0, References 1

NVD
added 2016/06/10 1:59 a.m., 21 views

CVE-2016-4328

MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server...

CVSS 10, AI score 9.2, EPSS 0.00538
Exploits 3, References 1

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Belchior Foundry VCard 2.8 Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9910/info It has been reported that vCard is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow a malicious user access to certain admin functionality without havin...

AI score 7.1
Exploits 0

Tenable Nessus
added 2012/02/06 12:0 a.m., 48 views

SuSE 11.1 Security Update : glibc (SAT Patch Number 4944) (deprecated)

The implementation of the Blowfish-based password hashing method had a bug affecting passwords that contain 8-bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483). SUSE's crypt implementation supports the blowfish password hashing...

CVSS 5, AI score 7.1, EPSS 0.07072
Exploits 0, References 5

Hewlett-Packard
added 2011/12/20 12:0 a.m., 35 views

HPSBPI02732 SSRT100435 rev.2 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities

Potential Security Impact: Remote execution of arbitrary code, directory traversal, creation and deletion of arbitrary files, unauthorized access to application database. VULNERABILITY SUMMARY: Potential security vulnerabilities have been identified with HP Managed Printing Administration. These...

CVSS 7.5, AI score 6.9, EPSS 0.63467
Exploits 5

htbridge
added 2011/05/12 12:0 a.m., 43 views

Multiple Vulnerabilities in A Really Simple Chat (ARSC)

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in A Really Simple Chat (ARSC) which could be exploited to perform cross-site scripting, cross-site request forgery and SQL injection attacks. 1) Cross-site scripting (XSS) vulnerability in A Really Simple Chat (ARSC):...

CVSS 6.5, AI score 7.5, EPSS 0.00348
Exploits 2, Affected Software 1