
9678 matches found

CNVD
added 2015/03/23 12:00 a.m., 1 view

ProjectSend SQL Injection Vulnerability

ProjectSend, formerly known as cFTP, is a suite of self-hosted applications based on PHP and MySQL. A SQL injection vulnerability exists in the client-edit.php script in ProjectSend version r561 because the users-edit.php script fails to adequately filter the 'id' parameter. A remote attacker can...

CVSS 6.5, AI score 8.5, EPSS 0.03126
Exploits: 1, References: 1

CNVD
added 2015/03/19 12:00 a.m., 1 view

724CMS Has Multiple SQL Injection Vulnerabilities

724CMS is a content management system. 724CMS suffers from multiple SQL injection vulnerabilities due to the program failing to properly filter user-submitted input. The vulnerabilities allow remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...

AI score 8.2
Exploits: 0, References: 1

CNVD
added 2015/03/19 12:00 a.m., 1 view

724CMS SQL 'ID' Parameter SQL Injection Vulnerability

724CMS is a content management system. A SQL injection vulnerability exists in the 724CMS SQL 'ID' parameter due to the program failing to properly filter user-submitted input. The vulnerability allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...

AI score 8
Exploits: 0, References: 1

CNVD
added 2015/03/16 12:00 a.m., 2 views

SQL Injection Vulnerability in Special Equipment Safety Monitoring System of Fuzhou Development Zone Chuangda Electronics Co.

The special equipment safety monitoring system from Fuzhou Development Zone Chuangda Electronics Co., Ltd. is a safety monitoring system for regulating elevators and other special equipment. Fuzhou Development Zone Chuangda Electronics Co., Ltd. special equipment safety monitoring system there are...

AI score 8.1
Exploits: 0, References: 1

CNVD
added 2015/03/12 12:00 a.m., 0 views

SQL injection vulnerability in HIMS-type hotel management system Photo_zh-cn.php page of Beijing Century Compass E-commerce Co.

Beijing Century Compass E-commerce Co., Ltd HIMS-type hotel management system is a set of software to provide management services for hotels, supporting membership, food and beverage, website/mobile application, intelligent cloth, channel distribution, revenue management and so on. There is a SQL...

AI score 7.9
Exploits: 0, References: 1

CNVD
added 2015/03/12 12:00 a.m., 1 view

SQL Injection Vulnerability in the Collaboration Management System/c6/Jhsoft.Web.login/NewList.aspx Page of Beijing Jinhe Network Co.

The collaborative management system from Beijing Jinhe Network Co., Ltd. is designed according to precise management ideas guided by the 6C management concept. It closely integrates four elements: Internet technology, computer technology, Luan Runfeng's management concepts and Chinese culture, the core of...

AI score 7.7
Exploits: 0, References: 1

CNVD
added 2015/03/09 12:00 a.m., 3 views

SQL Injection Vulnerability in Youyou's Email System of Shenzhen Hechen Communication Technology Co.

The Youyou mail system from Shenzhen Hechen Communication Technology Co., Ltd. is a complete solution for modern enterprises that want to set up a professional e-mail service. The mail system not only provides the conventional e-mail functions, but also extends to e-mail monitoring, e-mail antivirus, e-mail...

AI score 7.7
Exploits: 0, References: 1

CNVD
added 2015/02/03 12:00 a.m., 2 views

Unspecified SQL Injection Vulnerability in Piwigo

Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, and multiple browsing options (categories, tags, time and more). Piwigo suffers from an unspecified SQL injection vulnerability that could be exploited by attackers to compromise the...

CVSS 7.5, AI score 8, EPSS 0.01424
Exploits: 0, References: 1

CNVD
added 2015/01/28 12:00 a.m., 2 views

Free Reprintables ArticleFR SQL Injection Vulnerability

Free Reprintables ArticleFR is an article directory scripting system from Free Reprintables Philippines. The system supports search engine optimization, anti-spam filters and page creation. A SQL injection vulnerability exists in the 'getProfile' function in the Free Reprintables ArticleFR...

CVSS 7.5, AI score 8.3, EPSS 0.01342
Exploits: 2, References: 1

CNVD
added 2015/01/26 12:00 a.m., 2 views

ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' SQL Injection Vulnerability

ServiceDesk Plus is web-based helpdesk software that helps users manage all their communications from a single point. ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' has a SQL injection vulnerability due to the program failing to adequately filter user-supplied data before using it in SQL...

CVSS 6.5, AI score 8, EPSS 0.0393
Exploits: 1, References: 1

CNVD
added 2015/01/22 12:00 a.m., 2 views

McAfee Data Loss Prevention Endpoint SQL Injection Vulnerability

McAfee Network Data Loss Prevention monitors network traffic and protects against data loss. A SQL injection vulnerability exists in McAfee Data Loss Prevention Endpoint, which could be exploited by an attacker to execute arbitrary SQL commands...

AI score 8.5
Exploits: 0, References: 1

CNVD
added 2015/01/08 12:00 a.m., 2 views

WordPress Plugin AJAX Post Search 'the_search_function' SQL Injection Vulnerability

WordPress is a content management system developed using the PHP language. WordPress plugin AJAX Post Search 'the_search_function' suffers from a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the 'the_search_text' parameter...

CVSS 7.5, AI score 8.6, EPSS 0.02242
Exploits: 1, References: 1

ATTACKERKB
added 2014/10/20 6:55 p.m., 2 views

CVE-2014-8366

SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php...

CVSS 7.5, AI score 6.4, EPSS 0.02072
Exploits: 1, References: 4

Japan Vulnerability Notes
added 2014/08/19 3:35 a.m., 3 views

Advance-Flow vulnerable to SQL injection

Overview: Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

CVSS 7.5, AI score 7.2, EPSS 0.01164
Exploits: 0, References: 5

myhack58
added 2014/07/04 12:00 a.m., 15 views

Mastery OA 2011-2013 pass to kill GETSHELL-a vulnerability warning-the black bar safety net

Statement: This program is applied to a lot of government agencies, educational institutions, as well as the large stream companies (China Telecom, etc.)! After reading this, please don't try to use it for any destruction, attack or invasion of websites running the program, etc... I made this post purely technical...

AI score 8.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 9 views

CitrusDB 0.3.6 uploadcc.php Arbitrary Database Injection

No description provided by source. source: http://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 7 views

List Site Pro 2.0 User Database Delimiter Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6685/info List Site PRO is a top site ranking system that counts hits from member sites and then ranks them according to the number of hits. A problem has been reported for List Site PRO that would allow an attacker to...

AI score 7.1
Exploits: 0

seebug.org
added 2014/06/03 12:00 a.m., 32 views

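74CMS Second-Order Injection #3 (Multiple Locations)

Brief description: No check out. It's June already, and I've lost count of how many bugs this makes for me. 2014-06-02 16:06:55. I'll write up one last one and then head to evening study hall. I'm short on time and afraid of being late. There are many places that can be injected; I'll just paste two and leave it at that. Demo succeeded. Details: As everyone knows, when registering at /user/userreg.php in 74cms, the username may only contain Chinese and English characters, digits and underscores; special characters are not allowed. But registration is also possible in plus/ajaxuser.php, and there special characters are not filtered. elseif $act=='doreg' $captcha=getcache'captcha'; if...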

AI score 7
Exploits: 0

ATTACKERKB
added 2014/04/01 3:24 a.m., 2 views

CVE-2013-5640

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue...

CVSS 7.5, AI score 6.3, EPSS 0.02661
Exploits: 7, References: 5

seebug.org
added 2014/01/04 12:00 a.m., 17 views

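Ecmall SQL Injection, Part 1

Brief description: I previously submitted a collection of ecmall vulnerabilities to my company, and the company's assistant made a point of calling shopex's 400 hotline to ask whether they wanted the vulnerability details, only to be coldly told that they would ask for the details when they wanted to know. Is this Shopex's attitude toward security? I'm posting a new injection here; the vulnerabilities I previously submitted to my company I won't post here for now. shopex, you know what to do. Details: Flawed file: /app/coupon.app.php function extend $couponid = isset$GET'id' ? trim$GET'id' : ''; if empty$couponid echo Lang::get'nocoupon'; exit; if...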

AI score 7.1
Exploits: 0