152 matches found
SQL Injection Vulnerability in B2C_UQ Cloud Business System
UQ Cloud Business System B2C version is a compact e-commerce system, the platform is developed by PHP7.0+Mysql. B2CUQ Cloud Business System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Design/Logic Flaw
An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands...
CVE-2018-7829
An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands...
CVE-2018-7829
The CVE-2018-7829 entry affects Schneider Electric Pelco Sarix/Spectra Cameras (Sarix Enhanced and Spectra Enhanced PTZ) with an improper neutralization of special elements in a query that enables an attacker to execute arbitrary OS commands. The ZeroScience ZSL-2017 report details an authenticat...
CVE-2018-19092
An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie...
SQL injection vulnerability in ZZCMS version 8.3 zs***.php file (CNVD-2018-19951)
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the zs.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...
Ruby on Rails: Validation bypass for queries generated for PostgreSQL
When using DB for PostgreSQL, I discovered that if a parameter of a query contains null character, there is a pattern in which subsequent strings are lost. how to reproduce Prepare the environment $ rails new postgresqlrails -TB --database=postgresql $ cd postgresqlrails $ bundle exec ruby -v rub...
Yixing Yulu Media Co., Ltd. website construction system suffers from SQL injection vulnerability
Yixing Yulu Media Co., Ltd. is to provide enterprises with the most comprehensive, thoughtful, professional Internet solutions, to provide WeChat small program, WeChat public number, domain name registration, web hosting, enterprise mailboxes, website construction, website development, website...
Information disclosure
Splunk through 7.0.1 allows information disclosure by appending raw/services/server/info/server-info?outputmode=json to a query, as demonstrated by discovering a license key...
CVE-2017-16082
CVE-2017-16082 is a remote code execution vulnerability in the pg module that triggers when the remote database or query returns a crafted column name. The provided connected documents show two vulnerable scenarios: (1) unsafe, user-supplied SQL containing a malicious column name, and (2) queryin...
The vulnerability of the NVBUJobHistory Get request handler in the NetVault Backup software allows a attacker to execute arbitrary code.
The vulnerability of the NVBUJobHistory Get request handler in the NetVault Backup software for data archiving and restoration is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
CVE-2017-17652
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results fr...
CVE-2017-17416
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue...
the-outpost.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-553529 Description| Value ---|--- Affected Website:| the-outpost.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
SQL Injection Vulnerability in ThinkLC V3.5 Classified Information System tops.php Page
ThinkLC Classified Information System is a local classified information system built on PHP+MYSQL development. A SQL injection vulnerability exists in the ThinkLC V3.5 Classified Information System tops.php page due to the program failing to adequately filter user-supplied input. An attacker can...
Code injection
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Query. Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
SQL Injection Vulnerability in SDCMS v1.2 Tag Lists
SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. SDCMS v1.2 version of the label list exists SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information...
Microsoft Windows Information Disclosure Vulnerability (CNVD-2017-03748)
Microsoft Windows is a series of operating systems released by Microsoft Corporation.DNS Query is one of the DNS query components. An information disclosure vulnerability exists in DNS Query in Microsoft Windows. A remote attacker can exploit this vulnerability to obtain sensitive information by...
TYPO3 without PHP extension SQL injection vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF maintained by the TYPO3 Association in Switzerland.Browser - TYPO3 without PHP Browser is one of the extensions that enable browsers to develop TYPO3 without PHP code. A SQL injection vulnerability exists in TYPO3 without...
WordPress Plugin All In One WP Security & Firewall admin/wp-security-list-login-fails.php SQL Injection Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.All In One WP Security & Firewall Plugin for WordPress is a Wordpress Security Plugin. The All In One WP Security &...