Lucene search

22 matches found

Citrix
added 2024/10/10 12:0 a.m., 18 views

Get-MonitorConfiguration returns an error after DDC/Site upgrade

When an admin invokes the Get-MonitorConfiguration cmdlet, the following error is displayed: A database operation failed and could not be recovered : Reason ? CDF Control trace captured on the DDC shows the error: Monitor System Setting 'DisableGoogleAnalytics' exists in the database was loaded but not found i...

7 AI score
Exploits: 0

CNNVD
added 2022/11/28 12:0 a.m., 4 views

WordPress plugin Find and Replace All cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

4.3 CVSS, 6.8 AI score, 0.00149 EPSS
Exploits: 2, References: 2

Cvelist
added 2021/06/22 6:32 p.m., 12 views

CVE-2021-22378

There is a race condition vulnerability in eCNS280TD V100R005C00 and V100R005C10. A timing window exists in which the database can be operated on by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal...

5.5 AI score, 0.00135 EPSS
Exploits: 0, References: 1

Cvelist
added 2019/06/19 6:0 p.m., 11 views

CVE-2019-12890

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...

9.5 AI score, 0.52916 EPSS
Exploits: 1, References: 2

CNVD
added 2018/06/28 12:0 a.m., 3 views

HongCMS SQL Injection Vulnerability

HongCMS is an open source lightweight content management system (CMS). An SQL injection vulnerability exists in the admin\controllers\database.php file in HongCMS version 3.0.0. Remote attackers can use admin/index.php/database/operate?dbaction=emptytable&tablename= URI to execute arbitrary SQL...

7.2 CVSS, 7.6 AI score, 0.01779 EPSS
Exploits: 5, References: 1

0day.today
added 2017/09/30 12:0 a.m., 52 views

OpenText Document Sciences xPression 4.5SP1 Patch 13 SQL Injection Vulnerability

Exploit for java platform in category web applications Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14758 Affected Software: ================== OpenText Document Sciences xPressi...

6.5 CVSS, 8.7 AI score, 0.00329 EPSS
Exploits: 6

NVD
added 2017/08/09 9:29 p.m., 20 views

CVE-2017-12774

finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database...

9.8 CVSS, 9.4 AI score, 0.00904 EPSS
Exploits: 1, References: 1

Prion
added 2017/08/09 9:29 p.m., 15 views

Code injection

finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database...

7.5 CVSS, 9.3 AI score, 0.00904 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2017/08/09 9:0 p.m., 22 views

CVE-2017-12774

finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database...

9.4 AI score, 0.00904 EPSS
Exploits: 1, References: 1

seebug.org
added 2015/05/18 12:0 a.m., 27 views

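A logic flaw in 74CMS leads to two second-order injections

Brief description: A logic flaw in 74CMS leads to two second-order injections. Details: 1. First, register an enterprise user as before; during registration, capture the request with burp and modify the username field in it: username=1′,1,1001,1,user,1,1,1,1,1,1,1 — a 2. 74cms normally does not allow registering usernames that contain special characters, but this method bypasses the filter; let's take a look at the database. 3. Next, let's see where a second database operation is performed on this user. After searching for a long time, I saw that a logging feature is provided for many operations. The writememberslog function: function...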

7 AI score
Exploits: 0

seebug.org
added 2015/03/12 12:0 a.m., 297 views

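Horizontal privilege issues in multiple places in PHPEMS

Brief description: Horizontal privilege issues exist in multiple places in PHPEMS. Details: 7. Multiple logic flaws lead to horizontal privilege problems. Phems has horizontal privilege problems in many places, because eliminating this problem requires every database operation to carry sessionuser, but the phems programmers were very uncooperative, which led to horizontal privilege problems in many places. I went through the code of the /app/exam/app.php page and list the specific problems below. 1. Around line 2108 // delete a wrong-answer record // horizontal privilege vulnerability case 'delrecord': $recordid = $this->ev->get('questionid'); $this->favor->delRecord($recordid);...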

7.1 AI score
Exploits: 0

seebug.org
added 2014/01/02 12:0 a.m., 20 views

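MyBB multiple SQL injection and cross-site scripting vulnerabilities

BUGTRAQ ID: 64570 MyBB is a full-featured and very practical forum software. Versions of MyBB before 1.6.12 contain multiple SQL injection and cross-site scripting vulnerabilities in their implementation; successful exploitation allows an attacker to steal cookie-based authentication credentials and perform unauthorized database operations. These vulnerabilities stem from failing to properly filter certain input related to editing emoticons in the ACP, deleting posts with Akismet, the video MyCode, emoticon prompts, and so on. 0 MyBB MyBB 1.x Vendor patch: MyBB ---- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://www.mybb.com/...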

6.9 AI score
Exploits: 0

Cvelist
added 2013/08/09 7:0 p.m., 18 views

CVE-2013-4943

The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access...

6.6 AI score, 0.00044 EPSS
Exploits: 0, References: 1

CVE
added 2013/08/09 7:0 p.m., 49 views

CVE-2013-4943

Siemens COMOS contains a privilege-escalation vulnerability (CVE-2013-4943) in the client application that allows a local, authenticated user to bypass database-operation restrictions via COMOS project access. Affected products/versions: COMOS pre-9.1 (all), 9.1 Upd458, 9.2 before 9.2.0.6.37, and...

7.2 CVSS, 6.8 AI score, 0.00044 EPSS
Exploits: 0, References: 1, Affected Software: 1

myhack58
added 2013/01/21 12:0 a.m., 17 views

Site-wide injection in a lightweight PHP framework

http://www.cephp.com/ Searching Baidu for "lightweight php framework", the first result is this CEPHP. A casual test showed that injection actually exists; after downloading the source code, it turned out that every database operation across the whole site is injectable, the variable is completely...

7.7 AI score
Exploits: 0

myhack58
added 2010/08/02 12:0 a.m., 20 views

Ecshop v2.7.2 user permission override vulnerability

In ecshop gbk v2.7.2, a logged-in user can operate on other users' information. 1. When a user modifies a shipping address, changing the hidden addressid to another id before submitting may remove the other user's shipping address and add a shipping address. 2. Although the user cannot view other...

0.3 AI score
Exploits: 0

seebug.org
added 2009/07/24 12:0 a.m., 12 views

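Snitz Forums 2000 'register.asp' SQL injection vulnerability

Bugtraq ID: 35764 Snitz Forums 2000 is an ASP-based forum program. Snitz Forums 2000 does not correctly handle user input; remote attackers can exploit the vulnerability to obtain sensitive information or operate on the database. The register.asp script lacks filtering of the "Email" parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic, obtaining sensitive information or operating on the database. Snitz Forums 2000 Snitz Forums 2000 3.4.7 No solution is currently available: http://forum.snitz.com/...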

6.9 AI score
Exploits: 0

seebug.org
added 2008/08/11 12:0 a.m., 41 views

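PowerGap Shopsystem "ag" SQL injection vulnerability

CNCAN ID:CNCAN-2008081110 PowerGap Shopsystem is a PHP-based web application. PowerGap Shopsystem does not correctly handle user-submitted input; remote attackers can exploit the vulnerability to carry out SQL injection attacks, obtaining sensitive information or operating on the database. The issue is that the 's03.php' script does not correctly filter the "ag" parameter; constructing a malicious SQL query as the parameter data can change the original SQL logic and obtain sensitive information or operate on the database. PowerGap Shopsystem No solution is currently available: http://www.powergap.de/shopsystem-powergap.htm...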

7.1 AI score
Exploits: 0

seebug.org
added 2008/07/15 12:0 a.m., 17 views

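mForum 'usercp.php' SQL injection vulnerability

BUGTRAQ ID: 30214 CNCAN ID:CNCAN-2008071504 mForum is a PHP-based web application. mForum does not correctly handle user-submitted input; remote attackers can exploit the vulnerability to carry out SQL injection attacks and may obtain sensitive information or operate on the database. The issue is that the 'usercp.php' script lacks filtering of the web parameters submitted by users; constructing a malicious SQL query as the parameter data can change the original SQL logic, obtaining sensitive information or operating on the database. mForum 0.1a No solution is currently available: http://sourceforge.net/projects/marcioforum/...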

6.9 AI score
Exploits: 0

seebug.org
added 2007/12/24 12:0 a.m., 11 views

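Aeries Browser Interface 'LostPwd.asp' SQL injection vulnerability

BUGTRAQ ID: 26962 CNCAN ID:CNCAN-2007122401 Aeries Browser Interface is an ASP-based web application. Aeries Browser Interface does not correctly filter user-submitted URI data; remote attackers can exploit the vulnerability to carry out SQL injection attacks, obtaining sensitive information or operating on the database. The issue is that the 'LostPwd.asp' script does not sufficiently filter the web parameters submitted by users; submitting a malicious SQL query as the parameter data can change the original SQL logic, obtaining sensitive information or operating on the database. Eagle Software AERIES Browser Interface 3.7.9.17...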

6.9 AI score
Exploits: 0