98 matches found
Local Services Search Engine Management System SQL Injection Vulnerability
Local Services Search Engine Management System is a local services search engine management system. Local Services Search Engine Management System Project 1.0 suffers from a SQL injection vulnerability that arises from a database-based application that lacks validation of externally entered SQL...
Online Pet Shop Web App SQL Injection Vulnerability
Online Pet Shop Web App is an open source web application. It is used for e-commerce or online stores. A SQL injection vulnerability exists in Online Pet Shop Web App. The vulnerability stems from a lack of validation of externally entered SQL statements in a database-based application. An attack...
Cross site scripting
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since t...
CVE-2021-27319
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter...
CVE-2020-12687
An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...
CVE-2019-14890
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license...
HotelDruid SQL Injection Vulnerability (CNVD-2019-17320)
HotelDruid is a hotel management system from the DigitalDruid.Net team. The system includes features such as room management, financial management and inventory management. A SQL injection vulnerability exists in HotelDruid versions prior to 2.3.1. The vulnerability stems from a lack of validatio...
WebGalamb suffers from a SQL injection vulnerability
Webgalamb is a suite of newsletter and email marketing software. A SQL injection vulnerability exists in Webgalamb 7.0 and prior versions, which stems from a database-based application that lacks validation of externally entered SQL statements. An attacker can exploit the vulnerability to execute...
A Deep Dive into Database Attacks [Part III]: Why Scarlett Johansson’s Picture Got My Postgres Database to Start Mining Monero
As part of Imperva’s efforts to protect our customers’ data, we have an ongoing research project focused on analyzing and sharing different attack methods on databases. If you aren’t familiar with this project, which we call StickyDB, please read Part I and Part II. There we explain this database...
Issuetracker phpBugTracker SQL Injection Vulnerability (CNVD-2017-30876)
Issuetracker phpBugTracker is a web-based defect tracking system. The system provides features such as project management and defect tracking services. An SQL injection vulnerability exists in Issuetracker phpBugTracker versions prior to 1.7.0. A remote attacker can exploit this vulnerability to...
TUTUCMS system admin\Article.php page by parameter has SQL injection vulnerability
TUTUCMS is a CMS management program developed for image-based websites. A SQL injection vulnerability exists in the admin\Article.php page of the TUTUCMS system. The lack of filtering of the 'by' parameter allows an attacker to exploit the vulnerability to obtain sensitive information from the...
Arab Portal SQL Injection Vulnerability
Arab Portal is a set of web portals. A SQL injection vulnerability exists in Arab Portal version 3, which stems from a failure of the members.php script to adequately filter the 'showemail' parameter in the signup operation. A remote attacker could use this vulnerability to execute arbitrary SQL...
PostNuke Modules Factory Subjects Module 2.0 - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11148/info Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI parameters. ...
NukeCalendar 1.1 .a block-Calendar.php Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
Protector System 1.15 b1 index.php SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/10206/info Multiple vulnerabilities were reported to exist in Protector System, which is a third-party module for PHP-Nuke. Cross-site scripting and SQL injection vulnerabilities were reported. Exploitation of these issue...
SPGPartenaires 3.0.1 ident.php SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/6455/info Several vulnerabilities have been discovered in SPGPartenaires. The vulnerabilities are due to insufficient sanitization of the 'pass' and 'SPGP' variables used to construct SQL queries in various PHP scripts. B...
vbPortal 2.0 alpha 8.1 Authentication SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8613/info It has been reported that vbPortal is prone to SQL injection attacks when authenticating users. The problem occurs due to insufficient sanitization of the $aid variable, used to store the name of the...
NukeCalendar 1.1 .a block-Calendar_center.php Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
SPGPartenaires 3.0.1 delete.php SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/6455/info Several vulnerabilities have been discovered in SPGPartenaires. The vulnerabilities are due to insufficient sanitization of the 'pass' and 'SPGP' variables used to construct SQL queries in various PHP scripts. B...
Protector System 1.15 blocker_query.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/10206/info Multiple vulnerabilities were reported to exist in Protector System, which is a third-party module for PHP-Nuke. Cross-site scripting and SQL injection vulnerabilities were reported. Exploitation of these issue...