678 matches found

OpenVAS
added 2021/05/20 12:0 a.m., 13 views

Fedora: Security Advisory for cacti (FEDORA-2021-598b6d2924)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS, 8.8 AI score, 0.01924 EPSS
Exploits: 1, References: 2

OSV
added 2021/05/19 10:15 p.m., 2 views

DEBIAN-CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

6.1 CVSS, 6.2 AI score, 0.29507 EPSS
Exploits: 1, References: 1

CNVD
added 2021/05/11 12:0 a.m., 8 views

SKYUC video-on-demand system has SQL injection vulnerability

The SKYUC video-on-demand system is a theater solution built using the PHP language and a MySQL database. The SKYUC video-on-demand system suffers from a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information...

7.9 AI score
Exploits: 0

Hacker One
added 2021/05/03 10:14 p.m., 19 views

Stripe: Object injection in `stripe-billing-typographic` GitHub project via /auth/login

An object injection vulnerability was discovered in the stripe-billing-typographic GitHub project, which allowed an attacker to bypass authentication and perform a SQL injection attack. The vulnerability was caused by a dependency called sqlstring, which mishandled objects in queries. The impact ...

8.3 AI score
Exploits: 0

CNVD
added 2021/05/03 12:0 a.m., 3 views

Code Execution Vulnerability in EmpireCMS v7.5 Backend

EmpireCMS is an open source software program that runs on a PHP MySQL database. A code execution vulnerability exists in the EmpireCMS v7.5 backend, which can be exploited by an attacker to upload Trojan horse files and execute system commands...

7.7 AI score
Exploits: 0

CNVD
added 2021/05/01 12:0 a.m., 4 views

Dream CMS has multiple vulnerabilities

Dream CMS lmxcms is developed using the PHP language and a MySQL database, and adopts the mainstream MVC design model. Dream CMS has multiple vulnerabilities that can be exploited by attackers to obtain sensitive database information...

7.1 AI score
Exploits: 0

CNVD
added 2021/03/17 12:0 a.m., 3 views

SQL injection vulnerability exists in the open-source version of the UX365 web site navigation (CNVD-2021-24439)

The open-source version of Youkai 365 Web site navigation is an open-source Web site catalog management system developed and built on PHP + MySQL. A SQL injection vulnerability exists in the open-source version of Uke365 Web site navigation. Attackers can exploit the vulnerability to...

7.8 AI score
Exploits: 0

CNVD
added 2021/03/10 12:0 a.m., 4 views

Logic flaw vulnerability in oasys

oasys is an OA office automation system. It uses Maven for project management, is developed on the springboot framework, uses mysql as the underlying database, the freemarker template engine on the front end and Bootstrap as the front-end UI framework, and integrates jpa, mybatis and other...

6.9 AI score
Exploits: 0

CNVD
added 2021/03/09 12:0 a.m., 8 views

Sourcecodester Pisay Online E-Learning System SQL Injection Vulnerability (CNVD-2021-95936)

Sourcecodester Pisay Online E-Learning System is an online e-learning system based on PHP and MySQL. Sourcecodester Pisay Online E-Learning System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in a database-based...

9.8 CVSS, 8 AI score, 0.62678 EPSS
Exploits: 1, References: 1

CNVD
added 2021/03/05 12:0 a.m., 8 views

Joomla! Template Manager Missing Input Validation Vulnerability

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A vulnerability exists in Joomla! 3.2.0 - 3.9.24 where the template manager lacks...

7.5 CVSS, 6.7 AI score, 0.00015 EPSS
Exploits: 0, References: 1

CNVD
added 2021/03/05 12:0 a.m., 7 views

Joomla! path traversal vulnerability (CNVD-2021-16936)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A path traversal vulnerability exists in Joomla! 3.0.0 - 3.9.24. An attacker can...

5.5 CVSS, 6.5 AI score, 0.00008 EPSS
Exploits: 0, References: 1

CNVD
added 2021/03/05 12:0 a.m., 7 views

Joomla! cross-site scripting vulnerability (CNVD-2021-15050)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! 2.5.0 - 3.9.24. The...

6.1 CVSS, 5.9 AI score, 0.00855 EPSS
Exploits: 0, References: 1

CNVD
added 2021/03/05 12:0 a.m., 4 views

Incorrect ACL Check Vulnerability in Joomla!

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An incorrect ACL checking vulnerability exists in Joomla! 3.0.0 - 3.9.24. An...

5.3 CVSS, 6.5 AI score, 0.00008 EPSS
Exploits: 0, References: 1

CNVD
added 2021/02/22 12:0 a.m., 5 views

Mailtrain SQL Injection Vulnerability

Mailtrain is an open source hosted newsletter application built on Node.js and MySQL/MariaDB. A SQL injection vulnerability exists in Mailtrain 1.24.1 and earlier in lib/models/campaigns.js in statsClickedSubscribersByColumn. The vulnerability stems from not properly escaping variable column name...

8.8 CVSS, 7.7 AI score, 0.00337 EPSS
Exploits: 1, References: 1

CNVD
added 2021/01/06 12:0 a.m., 3 views

RGCMS suffers from a file upload vulnerability (CNVD-2021-03290)

RGCMS RuiGu content management system is an open source building management system written in the PHP language on the Thinkphp5.1 framework, using a MYSQL database. RGCMS has a file upload vulnerability; an attacker can use this vulnerability to obtain control of the server...

7.1 AI score
Exploits: 0

ThreatPost
added 2020/12/28 2:0 p.m., 58 views

Ransomware in 2020: A Banner Year for Extortion

Remote learning platforms shut down. Hospital chemotherapy appointments cancelled. Ransomware attacks in 2020 dominated as a top threat vector this past year. Couple that with the COVID-19 pandemic, putting strains on the healthcare sector, and we witnessed ransomware exact a particularly cruel...

Exploits: 0, References: 31

Packet Storm
added 2020/12/23 12:0 a.m., 401 views

Baby Care System 1.0 SQL Injection

Exploit Title: Baby Care System 1.0 - 'roleid' SQL Injection Exploit Author: Vijay Sachdeva Date: 2020-12-23 Vendor Homepage: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html Software Link:...

0.1 AI score
Exploits: 0

OSV
added 2020/12/21 10:15 p.m., 11 views

CVE-2020-26277

DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a syst...

6.1 CVSS, 6.7 AI score
Exploits: 0, References: 2

NVD
added 2020/12/21 10:15 p.m., 14 views

CVE-2020-26277

DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a syst...

6.1 CVSS, 6.2 AI score, 0.00304 EPSS
Exploits: 0, References: 2

Packet Storm
added 2020/12/17 12:0 a.m., 210 views

Customer Support System 1.0 SQL Injection

Exploit Title: Customer Support System 1.0 - 'id' SQL Injection Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

0.2 AI score
Exploits: 0