Lee Lei's blog ne***_sh***.php page suffers from a SQL injection vulnerability
Li Lei blog is an open source PHP blog management system. The Li Lei blog nesh.php page has a SQL injection vulnerability that an attacker can use to obtain sensitive information in the database...
Open Solutions for Education openSIS SQL Injection Vulnerability (CNVD-2020-52193)
Open Solutions for Education openSIS is an open source student information management system from the U.S. company Open Solutions for Education, Inc. A SQL injection vulnerability exists in Open Solutions for Education openSIS 7.4 and earlier versions, which stems from a lack of validation of externally entered...
Mattermost Server Injection Vulnerability
Mattermost Server is an open source messaging platform from the U.S. company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.2.0. An attacker can exploit the vulnerability by injecting to read LDAP fields...
CVE-2020-14054
SOKKIA GNR5 Vanguard WEB version 1.2 build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3 and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page...
CVE-2020-4509
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364...
We-Com OpenData CMS 2.0 SQL Injection
Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection Google Dork:N/A Date: 2020-04-17 Exploit Author: @ThelastVvV Vendor Homepage: https://www.we-com.it/ Version: 2.0 Tested on: 5.5.0-kali1-amd64 --------------------------------------------------------- Vendor contact...
SQL Injection Vulnerability in Xionghai CMS Frontend
Xionghai CMS is a comprehensive website management system that can be widely used for personal blogs, personal websites and corporate websites. Xionghai CMS has a SQL injection vulnerability in the frontend, which can be exploited by attackers to obtain sensitive information from the...
SQL Injection Vulnerability in Shield Spirit Commodity Promotion System
Shield Spirit commodity promotion system can be applied to multiple types of public number, personal or business subscription number and service number can be used, easy to docking all kinds of public number, through the WeChat public number of the relevant interfaces configured to come into effe...
SQL Injection Vulnerability in Complaint Management System
Complaint Management System is a PHP project that allows complaints to be submitted through an online service. The system is built using PHP, HTML, MySQLi and JavaScript. The Complaint Management System suffers from a SQL injection vulnerability that can be exploited by an attacker to obtain...
MGASA-2020-0195 Updated openvpn packages fix security vulnerability
Updated openvpn packages fix security vulnerability: An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters hav...
EulerOS Virtualization for ARM 64 3.0.2.0 : systemd (EulerOS-SA-2020-1216)
According to the versions of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: It was discovered that systemd does not correctly check the content of PIDFile files before using it to kill processes. Wh...
USN-4296-1 python-django vulnerability
Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack...
Cross-site Scripting (XSS)
dolibarr is vulnerable to cross-site scripting (XSS). The attack exists because the $_SERVER["HTTP_REFERER"] argument is not properly HTML-encoded to sanitize it, allowing an attacker to inject and execute malicious script...
SQL injection vulnerability in the frontend of the Ship 100 virtual goods auto-shipment system
Shipping 100 Virtual Goods Autoship System is a virtual goods autoship system and pay-to-read article system. A SQL injection vulnerability exists in the frontend of the Shipping 100 virtual goods autoship system; an attacker can exploit the vulnerability to obtain sensitive database information...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1248)
The remote host is missing an update for the Huawei EulerOS...
WordPress TablePress CSV Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports personal blog sites set up on servers with PHP and MySQL. The WordPress plugin TablePress is a table plugin that allows you to easily create and manage beautiful tables...
DLL Hijacking Vulnerability in WPS Installer
WPS Office is an office software suite independently developed by Kingsoft Corporation Limited, which can realize the most commonly used text, table, presentation and many other functions of office software. The WPS installer has a DLL hijacking vulnerability, which can be exploited by an attacke...
SQL Injection Vulnerability in the Website Building System of Jingteng Multimedia Co.
With its marketing planning and project manager system, Jingteng Multimedia Co., Ltd. analyzes customers' strengths and provides users with exclusive suggestions for website setup. A SQL injection vulnerability exists in the website builder system of Jingteng Multimedia Co. An attacker can exploit...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may on...
SQL Injection Vulnerability in zzzcms sa***.php Page
zzcms is a PHP and MySQL based CMS. A SQL injection vulnerability exists in the zzzcms sa.php page, which can be exploited by an attacker to obtain sensitive information from the database...