41 matches found
CVE-2023-34635
Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page...
CVE-2023-33584
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection SQLI attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process...
CVE-2023-33584
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection SQLI attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process...
The vulnerability of the XCP Authentication service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) allows a perpetrator to cause a service failure.
The vulnerability of the XCP Authentication service in the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P system is related to insufficient validation of user input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a...
CVE-2023-32754
Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database...
PT-2023-20035 · Unknown · Faveo Helpdesk
Name of the Vulnerable Software and Affected Versions: Faveo Helpdesk versions 1.0 through 1.11.1 Description: The issue arises from a lack of validation on user input data during the login process. This allows parameters passed from the front end to the back end to be controlled, leading to SQL...
CVE-2023-25350
Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection...
CVE-2021-37413
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...
IBM Spectrum Copy Data Management 操作系统命令注入漏洞
IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, has a security vulnerability that stems from the fact that the Spectrum Copy Data Management management console login and upload credentials function incorrectly...
CVE-2021-42169
The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code by: oretnom23 is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter username from the login form is not protected correctly and there is no security and escaping fr...
PT-2020-15601 · Kabir Alhasan · Kabir Alhasan Student Management System
Name of the Vulnerable Software and Affected Versions: Kabir Alhasan Student Management System version 1.0 Description: The issue allows for Authentication Bypass. An attacker can exploit this by using a specific combination of username and password, such as 'admin', to bypass authentication...
SQL Injection Vulnerability in Rural Three Capitals Comprehensive Information Management Platform of Shandong Nongyou Software Co.
It is a comprehensive information management platform that integrates rural assets, funds, and resources; the platform's bidding management system does not filter inputs during login, resulting in malicious sql statements that can be executed to access sensitive database information; SQL injectio...
Submitty Input Validation Error Vulnerability
Submitty is an open source course management system . The system supports course management , assignment submission , exams and grading system and other functions . An input validation error vulnerability exists in the login page in Submitty versions 20.04.01 and earlier. The vulnerability stems...
CVE-2019-12629
A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...
Vulnerability of systems for data collection and process control in Citect SCADA and Mitsubishi MX4 SCADA: This vulnerability arises due to buffer overflow in the login input field, allowing attackers to execute arbitrary code.
The vulnerability of systems for data collection and process control in Citect SCADA and Mitsubishi MX4 SCADA arises due to an overflow in the input field for the login string. Exploiting this vulnerability allows a attacker to execute arbitrary code using a long input string...
CVE-2019-13448
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients...
Mitel MiVoice Connect SQL Injection Vulnerability
Mitel MiVoice Connect R1707-PREM and Mitel ST are both products of Mitel Corporation of Canada.Mitel MiVoice Connect R1707-PREM is a Unified Communications Management Appliance.ST is a videoconferencing product.conferencing is one of the notification components. conferencing is one of the...
UBUNTU-CVE-2017-5367
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample...
mod_auth_mysql: character encoding SQL injection flaw
SQL injection vulnerability in modauthmysql.c in the mod-auth-mysql aka libapache2-mod-auth-mysql module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ backslash as part of the character encoding, allows remote attackers to execute arbitrary SQL...
overtheledger.txt
Hi; Affected versions: LedgerSMB 1.1.10 but see below, current is 1.1.11 SQL-Ledger 2.6.27 but see below. Current is 2.6.27 Effects: Arbitrary code execution both products and authentication bypass SQL-Ledger only. We have discovered yet another major security issue in both SQL-Ledger for affecte...