49 matches found
CVE-2021-40503
An information disclosure vulnerability exists in SAP GUI for Windows - versions 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able ...
XSS Vulnerability in WeChat Public Number Backend System
WeChat Public Number, owned by Tencent, is an account that developers or businesses apply for on the WeChat public platform. The account interoperates with QQ accounts, and through the platform it enables a full range of communication and interaction with specific groups via text, pictures, voice and video, the...
Weak Password Vulnerability in Guangzhou Kingston's Dynamic Loop Monitoring Backend System
Guangzhou Kingston Electronic Technology Co., Ltd. is a high-tech company integrating R&D, production and sales, and is the leading developer and manufacturer of networked computer room power environment monitoring equipment in China. A weak password vulnerability exists in the back-end system of...
SQL Injection Vulnerability in Dynamic Ring Monitoring Backend System of Guangzhou Kingston Electronic Technology Company Limited (CNVD-2021-54063)
Guangzhou Kingston Electronic Technology Co., Ltd. is a high-tech company integrating R&D, production and sales, and is the leading developer and manufacturer of networked computer room power environment monitoring equipment in China. Guangzhou Kingston Electronic Technology Co., Ltd. dynamic rin...
SQL Injection Vulnerability in Dynamic Ring Monitoring Backend System of Guangzhou Kingston Electronic Technology Co.
Guangzhou Kingston Electronic Technology Co., Ltd. is a high-tech company integrating R&D, production and sales. A SQL injection vulnerability exists in the dynamic ring monitoring backend system of Guangzhou Kingston Electronic Technology Co., Ltd.; attackers can use the vulnerability to obtain sensitive informati...
Nord Security: Getting SmartDNS for free from - join.nordvpn.com
The reporter identified an issue within our backend system which performs validation of the active services. There was a misconfiguration related to caching and time period calculation. This led to SmartDNS service being active for a longer period of time than it should have been, compared with...
CSZ CMS 1.2.7 HTML Injection
Exploit Title: CSZ CMS 1.2.7 - 'title' HTML Injection Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/ Version: v1.2.7 Description: Authenticated user can inject hyperlink to Backend System Dashboard and Member...
CSZ CMS 1.2.7 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: CSZ CMS 1.2.7 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/ Version: v1.2.7 Description: Unauthorized user...
CSZ CMS 1.2.7 - (title) HTML Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: CSZ CMS 1.2.7 - 'title' HTML Injection Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/ Version: v1.2.7 Description: Authenticated user can...
CSZ CMS 1.2.7 - 'title' HTML Injection
Exploit Title: CSZ CMS 1.2.7 - 'title' HTML Injection Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/ Version: v1.2.7 Description: Authenticated user can inject hyperlink to Backend System Dashboard and Member...
Visma Bug Bounty Program: Administration page visible without authentication
A backend system administration interface could be accessed without authorization, but it did not display any data unless the user was correctly logged in...
Razer: Leftover back-end system on www.zest.co.th allows an unauthorized attacker to generate Razer Gold Pin for free
The tester discovered a residual backend system was left exposed. The system was removed from public access. Razer thanks the tester for his diligence...
SQL Injection Vulnerability in zhicms Background ad***.php Page
ZhiCms is an enterprise building system based on PHP and MySQL technology. A SQL injection vulnerability exists in the ad.php page in the backend of ZhiCms, which can be exploited by attackers to obtain sensitive information such as database...
Logic flaw vulnerability in Ruoyi's backend management system
The Ruoyi backend management system is a rights management system based on Spring Boot 2.0. A logic flaw vulnerability exists in the Ruoyi backend management system. An attacker can view the source code to obtain a username and password to log in to the backend...
S-CMS php version hospital website building system v1.0 backend aj***.php S**_sh*** parameter has SQL injection vulnerability
The S-CMS hospital website building system (with applet) is developed with PHP+MySQL and is easy and convenient to operate. A SQL injection vulnerability exists in the Ssh parameter of the backend aj.php page of the S-CMS hospital website building system (PHP version) v1.0; attackers are able to exploit the vulnerability to obtain...
Unauthorized Access Vulnerability in the Backend of E-Ray Authorized Access System of Beijing Infosys Software Co.
Beijing Infosys Software Co., Ltd. is a company that focuses on the research of the laws of information and data formation and the rules that make up the world, society and individuals, and carries out the development and service of its rule models, application technologies and tools, and...
CVE-2018-14969
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS...
CVE-2018-8069
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...
QCMS Cross-Site Scripting Vulnerability
QCMS is an open source content management system (CMS) for creating responsive websites. A cross-site scripting vulnerability exists in QCMS version 3.0. A remote attacker can exploit this vulnerability by sending the 'webname' parameter to the /backend/system.html URI to inject arbitrary web scrip...
Philips' DoseWise Portal Plaintext Storage Vulnerability
Philips' DoseWise Portal is a web-based reporting and tracking tool for radiation exposure. A plaintext storage vulnerability exists in Philips' DoseWise Portal. An attacker can obtain the web application's login credentials, which are stored in plain text in a back-end system file...