171 matches found

CNVD
added 2020/06/05 12:0 a.m. | 1 views

File Inclusion Vulnerability in DM Building System (CNVD-2020-40756)

DM enterprise building system is an open source CMS developed in PHP + MySQL, specialized in website construction for small and medium-sized enterprises. The DM website builder system has a file inclusion vulnerability; attackers can exploit the vulnerability to obtain server privileges...

6.9 AI score
Exploits: 0
CNVD
added 2020/05/26 12:0 a.m. | 1 views

Arbitrary Code Execution Vulnerability in Multiple Versions of Intimate Home Care Intimate Cat (imcat)

Intimate Cat imcat is a general-purpose website system designed in PHP+MySQL architecture. Arbitrary code execution vulnerability exists in several versions of Intimate Home Care Intimate Cat imcat. An attacker can exploit the vulnerability to execute arbitrary code and gain server privileges...

8.3 AI score
Exploits: 0
CNVD
added 2020/04/08 12:0 a.m. | 1 views

Unauthorized Access Vulnerability in EML Enterprise Contacts Management System of Yisoftone.com

EML enterprise address book management system is an intelligent B/S interactive service system built on PHP+MySQL, based on the open Linux kernel and Apache. EML Enterprise Address Book Management System of YisoftStone.com has an unauthorized access vulnerability, which can be exploited by attackers to caus...

6.6 AI score
Exploits: 0
CNVD
added 2020/03/30 12:0 a.m. | 2 views

Arbitrary File Deletion Vulnerability in HuCart

HuCart is a PHP+MySQL based enterprise building system that can run on various server platforms such as Linux and Windows. HuCart has an arbitrary file deletion vulnerability that can be exploited by attackers to arbitrarily delete server files...

7.1 AI score
Exploits: 0
CNVD
added 2020/03/28 12:0 a.m. | 1 views

HuCart Enterprise Building System v5.7.7 has a file upload vulnerability

HuCart is a PHP+MySQL based enterprise building system CMS that can run on various server platforms such as Linux and Windows. A file upload vulnerability exists in HuCart Enterprise CMS v5.7.7, which can be exploited by attackers to upload arbitrary files...

7.2 AI score
Exploits: 0
CNVD
added 2020/03/16 12:0 a.m. | 1 views

Heybbs Micro Community v1.2 suffers from SQL injection vulnerability (CNVD-2020-23505)

HEYBBS micro-community is a micro-community program with a front end based on bootstrap+jq+css and a back end developed in php+mysql. Heybbs Micro Community v1.2 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

7.9 AI score
Exploits: 0
CNVD
added 2020/03/05 12:0 a.m. | 1 views

Command Execution Vulnerability in RGCMS

RuiGu information management system RGCMS is an open source building management system written in PHP on the Thinkphp5.1.+ framework, with MySQL as its database. RGCMS has a command execution vulnerability that can be exploited by attackers to gain control of the web...

7.2 AI score
Exploits: 0
CNVD
added 2020/03/01 12:0 a.m. | 1 views

SQL Injection Vulnerability in Heybbs Micro Community

Heybbs micro community is a community program with a front end based on bootstrap + js + css and a back end developed in php + mysql. Heybbs Micro Community suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

7.8 AI score
Exploits: 0
OSV
added 2020/02/19 4:15 p.m. | 1 views

CVE-2020-4230

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212...

6.7 CVSS | 6.9 AI score | 0.00091 EPSS
Exploits: 0 | References: 2
BDU FSTEC
added 2020/02/03 12:0 a.m. | 0 views

Vulnerability in the Server: Optimizer component of the MySQL Server database management system, which allows attackers to cause service failures.

The vulnerability in the Server: Optimizer component of the MySQL Server database management system is related to resource release errors. Exploiting this vulnerability allows a malicious actor to cause service interruptions through network packets...

6.8 CVSS | 0.00394 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CNVD
added 2019/12/10 12:0 a.m. | 2 views

HadSky has an XSS vulnerability

HadSky Light Forum is a new, original PHP + MySQL open source system whose main goal is to be a light, fast, simple, complete, 100% original open source system. HadSky has an XSS vulnerability; attackers can exploit the vulnerability to obtain administrator cookie information...

6.1 AI score
Exploits: 0
CNVD
added 2019/11/08 12:0 a.m. | 1 views

File Upload Vulnerability in RGCMS

RuiGu information management system RGCMS is an open source building management system written in PHP on the Thinkphp5.1.+ framework, with MySQL as its database. RGCMS has a file upload vulnerability. Attackers can use the vulnerability to obtain server privileges...

6.9 AI score
Exploits: 0
OSV
added 2019/10/16 6:15 p.m. | 1 views

CVE-2019-2956

Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocol...

5.7 CVSS | 6.8 AI score | 0.00436 EPSS
Exploits: 0 | References: 1
BDU FSTEC
added 2019/09/05 12:0 a.m. | 2 views

The vulnerability of the Portable Clusterware component of the Oracle Database Server management system allows a hacker to gain full control over the database management system.

The vulnerability of the Portable Clusterware component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain full control over the database management system...

8.2 CVSS | 5.5 AI score | 0.00056 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2019/07/30 12:0 a.m. | 0 views

The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Core RDBMS component of the database management system Oracle Database Server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data using the Oracle Net protocol stack...

7.6 CVSS | 7.8 AI score | 0.00372 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2019/01/30 12:0 a.m. | 0 views

The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to gain full control over the DBMS.

The vulnerability of the Core RDBMS component of the database management system Oracle Database Server is related to insufficient access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the DBMS using Oracle Net...

8.3 CVSS | 7.1 AI score | 0.0065 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2018/11/09 1:29 a.m. | 1 views

CVE-2018-1799

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429...

5.5 CVSS | 5.8 AI score
Exploits: 0 | References: 4
CNVD
added 2018/11/09 12:0 a.m. | 2 views

IBM DB2 Privilege Escalation Vulnerability (CNVD-2018-22926)

IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A privilege escalation vulnerability exists in all revision packages of several versions of IBM DB2...

8.4 CVSS | 8.1 AI score | 0.00041 EPSS
Exploits: 0 | References: 1
CNVD
added 2018/09/27 12:0 a.m. | 1 views

IBM DB2 Buffer Overflow Vulnerability (CNVD-2018-20058)

IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A buffer overflow vulnerability exists in the 'db2licm' tool in IBM DB2 including DB2 Connect Server...

8.4 CVSS | 8.4 AI score | 0.00107 EPSS
Exploits: 0 | References: 1
OSV
added 2018/09/21 1:29 p.m. | 1 views

CVE-2018-1711

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369...

7.8 CVSS | 5.8 AI score | 0.00072 EPSS
Exploits: 0 | References: 4