Logic flaw vulnerability in the la***.php file of Qibo's new X1.0 system

Zibo's new X1.0 system is a website management system based on the latest thinkphp5 framework. A logic flaw vulnerability exists in the la.php file of the Qibo New X1.0 system. An attacker can use the vulnerability to modify the database data to promote ordinary users to super administrator...

Sql injection

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733...

Authorization Bypas

spip is vulnerable to authorization bypass. The vulnerability exists as authenticated visitors can modify any published content and execute other modifications in the database...

Ubuntu 18.04 LTS : SPIP vulnerabilities (USN-4536-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4536-1 advisory. Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site...

Input validation

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection...

CVE-2019-4650

IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961...

CVE-2019-4650

IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961...

CVE-2020-3184

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates...

SAP Adaptive Server Enterprise SQL Injection Vulnerability (CNVD-2020-29750)

SAP Adaptive Server Enterprise is a relational database server from SAP. A SQL injection vulnerability exists in SAP Adaptive Server Enterprise. An attacker could exploit this vulnerability by executing specially crafted query statements to elevate privileges, modify database objects, or execute...

CVE-2020-6253

Under certain conditions, SAP Adaptive Server Enterprise Web Services, versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL...

Centreon 19.10.5 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Centreon 19.10.5 - 'id' SQL Injection Exploit Author: Basim alabdullah Vendor Homepage: https://www.centreon.com Software Link: https://download.centreon.com/ Version: v.19.10.5 Tested on: Centos 5 EXECUTIVE SUMMARY Centreon has...

Aruba Networks ClearPass Access Control Error Vulnerability

Aruba Networks ClearPass is an access management system from Aruba Networks that integrates network control, application and device management capabilities. A security vulnerability exists in Aruba Networks ClearPass versions 6.8.x prior to 6.8.4 and 6.7.x prior to 6.7.13. An attacker could explo...

Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential validation vulnerability (CVE-2019-4518)

Summary IBM Financial Transaction Manager for Check Services FTM CHK for Multi-Platform has addressed the following vulnerability. A potential validation vulnerability does not properly validate input which could allow an authenticated user to issue server commands or modify data in the database...

Sql injection

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-e...

Cisco SD-WAN Solution SQL Injection Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An SQL injection vulnerability exists in the web interface of Cisco SD-WAN Solution vManage. The vulnerability stems from insufficient validation of user-supplied input. A remote...

Cisco SD-WAN Solution SQL Injection Vulnerability (CNVD-2020-04036)

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An SQL injection vulnerability exists in the web interface of Cisco SD-WAN Solution vManage. The vulnerability stems from insufficient validation of user-supplied input. An attacker could...

CVE-2019-15972

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...

Sql injection

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...

CVE-2019-15972 Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...