678 matches found
CVE-2019-13021
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...
SQL Injection Vulnerability in Us*** Parameters of Joomla! ordasoft-cck Component
Developed with PHP language and MySQL database, Joomla! is a content management system. A SQL injection vulnerability exists in the Us parameter of the Joomla! ordasoft-cck component, which can be exploited by an attacker to obtain sensitive information about a database...
SQL injection vulnerability in the la***_ty*** parameter of the ordasoft-cck component of Joomla!
Developed with PHP language and MySQL database, Joomla! is a content management system. A SQL injection vulnerability exists in the laty parameter of the Joomla! ordasoft-cck component. An attacker can exploit this vulnerability to obtain sensitive database information...
Multiple SQL Injection Vulnerabilities in YIXUNCMS Backend
YIXUNCMS is a showcase website system developed by Yixun Software Studio for small and medium-sized enterprises, written in PHP and backed by a MySQL database. There are multiple SQL injection vulnerabilities in the YIXUNCMS backend. Attackers can use the vulnerability to obtain sensitive...
ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting
Exploit Title: ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting Exploit Author: Bobby Cooke Date: 2020-04-29 Software Link: https://github.com/tmorrell/cheminv Software Info: "Cheminv is a web-based chemical inventory system. This responsive database provides an accessible way to...
Command Execution Vulnerability in YCCMS
YCCMS is a lightweight CMS site-building system developed on PHP5 and MySQL. YCCMS has a command execution vulnerability that can be exploited by attackers to execute code to gain control of the server...
GDPR Compliance Site Leaks Git Data, Passwords
A website that gives advice on privacy regulation compliance has fixed a security issue that was exposing MySQL database settings — including passwords — to anyone on the internet. The website, GDPR.EU, is an advice site for organizations that are struggling to comply with the General Data...
GDPR.EU has er… a data leakage issue
GDPR.EU is an advice site ‘operated by Proton Technologies AG, co-funded by … the EU Horizon Framework’. It’s full of useful advice for organisations that need to comply with GDPR. Whilst it isn’t an official EU Commission site, it is partly funded by the EU. You may also be familiar with Proton...
PMB 5.6 - 'logid' SQL Injection
Exploit Title: PMB 5.6 - 'logid' SQL Injection Google Dork: inurl:opaccss Date: 2020-04-20 Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 -==== Software Description ====- PMB is a...
PMB 5.6 - (logid) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PMB 5.6 - 'logid' SQL Injection Google Dork: inurl:opaccss Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 -====...
PMB 5.6 SQL Injection
Exploit Title: PMB 5.6 - 'logid' SQL Injection Google Dork: inurl:opaccss Date: 2020-04-20 Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 -==== Software Description ====- PMB is a...
UBUNTU-CVE-2020-2930
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Sql injection
Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters in account.php, the uname and pass parameters in login.php, and the id parameter in bookcar.php. This allows an attacker to dump the MySQL database and to bypass the login...
CVE-2020-11545
Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters in account.php, the uname and pass parameters in login.php, and the id parameter in bookcar.php. This allows an attacker to dump the MySQL database and to bypass the login...
CVE-2020-10106
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows an attacker to dump the MySQL database and to bypass the login prompt...
Sql injection
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows an attacker to dump the MySQL database and to bypass the login prompt...
CVE-2020-5399: CredHub does not properly enable TLS for MySQL database connections | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database...
Adive Framework Cross-Site Request Forgery Vulnerability
Adive Framework is a PHP-based MySQL database management framework. A cross-site request forgery vulnerability exists in Adive Framework. The vulnerability stems from the web application not adequately validating that a request is coming from a trusted user. An attacker could exploit this...
School Management Software PHP/mySQL CSRF Vulnerability
School Management Software PHP/mySQL is a web-based school ERP management program. A cross-site request forgery vulnerability exists in School Management Software PHP/mySQL 2019-03-14 and prior versions. The vulnerability stems from the web application not adequately verifying that requests are coming...