509 matches found
CVE-2018-1000669
CVE-2018-1000669 | KOHA Library System contains a CSRF vulnerability in /cgi-bin/koha/members/paycollect.pl affecting borrowernumber, amount, amountoutstanding, and paid. An attacker can cause payments to be marked as paid for certain users on behalf of Administrators, via a socially engineered li...
Evergreen Information Disclosure Vulnerability
Evergreen is an open source, highly scalable library system ILS developed by the Evergreen community. The system helps patrons find library materials and helps with library management, organizing catalogs, and distributing those materials, among other things. A security vulnerability exists in th...
events.carr.org XSS vulnerability
Vulnerable URL: http://events.carr.org/allegany/evanced/roomrequest.asp?AllRoomsCheck==1=Allegany%20County%20Library%20System%20Room%20Request=1/-///'/"//--...
SQL injection vulnerability in zylr.jsp page kzh parameter of Beijing Tsinghua University Xinyang book retrieval system
The library system of Beijing Qingda Xinyang Technology Co., Ltd. is a comprehensive library business management network platform built on an open Web platform using object-oriented programming technology; it is technically advanced and makes resource sharing and remote maintenance easy. The product has a...
SQL injection vulnerability in the nRecno parameter of the GetRegistInfoAjax.aspx page of the ilas online library system of Shenzhen Ketu Automation New Technology Application Co.
The Integrated Library Automation System (ILAS) was issued by the Ministry of Culture in 1988 as a national key science and technology project; the Shenzhen Library undertook it and organized the development of a library system, for use at home and abroad, that adapts to different levels, a variety of scales,...
Authentication Bypass Vulnerability in the Library System of Beijing Dingfeng Jinye Technology Co., Ltd.
The library system is widely used in various enterprises and institutions, schools and universities and other libraries. It mainly includes several modules such as system management, system query, system setting, printing, borrowing and returning books. There is an authentication bypass...
SQL injection vulnerability in the library system bookinfo.aspx?id= parameter of Beijing Dingfeng Jinye Technology Co., Ltd.
The library system is widely used in various enterprises and institutions, schools and universities and other libraries. It mainly includes several modules such as system management, system query, system setting, printing, borrowing and returning books. There is a SQL injection vulnerability in...
SQL injection vulnerability in the library system showpic.aspx?id= parameter of Beijing Dingfeng Jinye Technology Co., Ltd.
The library system is widely used in various enterprises and institutions, schools and universities and other libraries. It mainly includes several modules such as system management, system query, system setting, printing, borrowing and returning books. There is a SQL injection vulnerability in...
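Generic SQL injection vulnerability #2 in the Qingda Xinyang library catalogue retrieval system
Brief description: Generic SQL injection vulnerability 2. Qingda Xinyang official website: http://www.infosea.com.cn Detailed description: Library catalogue retrieval system. Injection point: /opac/dzjgjsjg.jsp POST qsrq=&jsrq=&ssxx= Proof of vulnerability: This is a generic vulnerability; several cases are given below as proof: Case ①: http://...:8089/opac/dzjgjsjg.jsp Case ②: .../opac/dzjgjsjg.jsp Case ③: ...:8088/opac/dzjgjsjg.jsp Case ④: ...:8088/opac/dzjgjsjg.jsp Case ⑤: ...:8089/opac/dzjgjsjg.jsp img...
A generic injection in a certain library system
Brief description: RT (see title). Detailed description: http://www.infosea.com.cn/yonghu.html Beijing Qingda Xinyang Technology Co., Ltd. Injection file: opac/jszjl.jsp?wxlx= Time-delay injection. Test cases: http://125.223.252.12:8089/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://210.45.183.219/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://lib.tongde.com:8089/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3...
A generic injection in a certain library system
Brief description: RT (see title). Detailed description: http://www.infosea.com.cn/yonghu.html Beijing Qingda Xinyang Technology Co., Ltd. Injection file: opac/ckmarc.jsp?kzh= Test cases: http://61.187.55.41:8090/opac/ckmarc.jsp?kzh=zyk0347383 http://tsjs.sdwm.cn:8000/opac/ckmarc.jsp?kzh=zyk0043454 http://60.171.185.69:8089/opac/ckmarc.jsp?kzh=zyk0046921...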
Evergreen Information Disclosure Vulnerability (CNVD-2015-01581)
Evergreen is an open source, highly scalable library system ILS developed by the Evergreen community. The system helps patrons find library materials and helps with library management, organizing catalogs, and distributing those materials, among other things. An information disclosure vulnerabili...
Evergreen Information Disclosure Vulnerability
Evergreen is an open source, highly scalable library system ILS developed by the Evergreen community. The system helps patrons find library materials and helps with library management, organizing catalogs, and distributing those materials, among other things. Evergreen suffers from an information...
SQL Injection Vulnerability in the Library System of Beijing Qingda Xinyang Technology Co.
The library system of Beijing Qingda Xinyang Technology Co., Ltd. is a comprehensive library business management network platform built on an open Web platform using object-oriented programming technology; it is technically advanced and makes resource sharing and remote maintenance easy. Beijing Tsinghua...
PALS Library System WebPALS 1.0 pals-cgi Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root...
PALS Library System WebPALS 1.0 pals-cgi Traversal Arbitrary File Read
No description provided by source. source: http://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root...
Vastal I-Tech Mag Zone (cat_id) SQL Injection Vulnerability
No description provided by source. Vastal I-Tech Mag Zone SQL Injection Vulnerability Author : Stack Script Home Page : http://www.vastal.com/mag-zone-online-library-system.html Demo : http://www.vastal.com/mag/ the exploit fate the password use ur mind for have the column username Exploit:...
Vastal I-Tech Mag Zone - cat_id SQL Injection
Vastal I-Tech Mag Zone - catid SQL Injection Vastal I-Tech Mag Zone SQL Injection Vulnerability Author : Stack Script Home Page : http://www.vastal.com/mag-zone-online-library-system.html Demo : http://www.vastal.com/mag/ the exploit fate the password use ur mind for have the column username...
Vastal I-Tech Mag Zone - 'cat_id' SQL Injection
Vastal I-Tech Mag Zone SQL Injection Vulnerability Author : Stack Script Home Page : http://www.vastal.com/mag-zone-online-library-system.html Demo : http://www.vastal.com/mag/ the exploit fate the password use ur mind for have the column username Exploit:...
[Full-disclosure] OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities
Security Advisory - - OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities - ---------------------------------------------------- Product: OpenBiblio Version: Version 0.5.2 Prerelease 4 and prior is affected Url: http://obiblio.sourceforge.net/ Affected by: Full path disclosure, local file...