The vulnerability of SAP Business Process Automation platform relates to errors in restricting XML references to external objects. This allows attackers to carry out attacks by injecting external XML entities into the system.
The vulnerability of the SAP Business Process Automation (BPA) platform relates to errors in restricting XML references to external objects, which are obtained from unverified sources. Exploiting this vulnerability allows a malicious actor to carry out an attack by injecting external XML entities a...
Shop7z Online Shopping System Fashion Edition Frontend Sh***.asp File SQL Injection Vulnerability
Shop7z is an online shopping system that supports Alipay, WeChat payment and a variety of commonly used interfaces, with the computer version, cell phone version and app seamlessly sharing data as a whole. A SQL injection vulnerability exists in the frontend Sh.asp file of the Shop7z online shopping system Fashion Edition...
PHP Uber-style GeoTracking 1.1 - SQL Injection
Exploit Title: PHP Uber-style GeoTracking 1.1 - SQL Injection Dork: N/A Date: 2019-01-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://dataninja.biz Software Link: https://codecanyon.net/item/php-uberstyle-geotracking/20320021 Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Information Disclosure
sssd is vulnerable to information disclosure attacks. The vulnerability exists because sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash...
XML External Entity (XXE) To Read Files
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack...
SQL Injection Vulnerability in the Frontend Bi***.ashx Page of eDoc, an Electronic Document Repository
Electronic document library eDoc is a click document management system developed by Anhui Qixing Studio. A SQL injection vulnerability exists in the frontend Bi.ashx page of the electronic document library eDoc; attackers can use the vulnerability to obtain database sensitive...
SQL Injection Vulnerability in CCTV Digital Resource Teaching Platform
The CCTV digital resource teaching platform provides users with online teaching services. A SQL injection vulnerability exists in the CCTV Digital Resource Teaching Platform. An attacker can exploit the vulnerability to log in to the account system and obtain sensitive information from the database...
SQL Injection Vulnerability in Laoban CMS V2.0 ty***.php Page
Laoban CMS content management system (Laoban CMS for short) is an open-source site-building system developed by Laoban for the PHP + MySQL environment. A SQL injection vulnerability exists in the Laoban CMS V2.0 ty.php page. An attacker can exploit this vulnerability to obtain sensiti...
Budabot 4.0 - Denial of Service Exploit
Exploit Title: Budabot 4.0 - Denial of Service PoC Date: 2018-10-15 Exploit Author: Ryan Delaney Author Contact: email protected Vendor Homepage: http://budabot.com/ Software Link: http://budabot.com/forum/viewtopic.php?f=8&t=1413 Version: 0.6 - 4.0 Tested on: 4.0 CVE: CVE-2018-19290 1. Descripti...
CVE-2018-19290
In modules/HELPBOTMODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the "!calc 5 x 5"...
Intel Media Server Studio - Improper Directory Permissions
Document Title: Intel Media Server Studio - Improper Directory Permissions References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2170 Security ID: INTEL-SA-00197 https://nvd.nist.gov/vuln/detail/CVE-2018-3697...
CVE-2018-19296
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack...
CVE-2018-3884
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameters can be used to perform an SQL injection attack. An attacker can use a browser to...
CVE-2018-3885
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The orderby parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger thes...
WUZHI CMS SQL Injection Vulnerability (CNVD-2018-18142)
WUZHI CMS is an open-source content management system (CMS) based on PHP and MySQL, from China's WUZHI (Five Fingers) Internet technology company. A SQL injection vulnerability exists in the /coreframe/app/admin/pay/admin/index.php file in WUZHI CMS version 4.1.0. A remote attacker can exploit this...
New Man-in-the-Disk attack leaves millions of Android phones vulnerable
Security researchers at Check Point Software Technologies have discovered a new attack vector against the Android operating system that could potentially allow attackers to silently infect your smartphones with malicious apps or launch denial of service attacks. Dubbed Man-in-the-Disk, the attac...
Cross site scripting
Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
MGASA-2018-0279 Updated leptonica packages fix security vulnerabilities
This update fixes a security issue (a potential injection attack using gplot rootdir) originally reported in CVE-2018-3836. This fix was incomplete and again reported in CVE-2018-7440 and CVE-2018-7442. The improved fix is included in leptonica-1.76.0...
The vulnerability of the web portal for managing the Ericsson-LG iPECS NMS allows a hacker to bypass authentication procedures and execute arbitrary code.
The vulnerability of the Ericsson-LG iPECS NMS network management portal is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and execute arbitrary code using parameters “id” and...
Wecodex Store Paypal SQL Injection Vulnerability
Wecodex Store Paypal is a management system. A SQL injection vulnerability exists in Wecodex Store Paypal. An attacker can exploit the vulnerability to obtain sensitive information...