EUVD-2018-21949

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

CVE-2018-25425

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...

Pydio Cells Information Disclosure Vulnerability

Pydio Cells is a transitional application for managing files on a Pydio Cells 1.2.X server. An information disclosure vulnerability exists in versions of Pydio Cells prior to 1.5.0, which stems from Pydio Cells failing to properly handle a Name field that is not in the expected Unicode format and...

CVE-2019-0278

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration Messaging System, fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure...

CVE-2016-1317

Cisco Unified Communications Manager 11.50.98000.480 allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098...