Lucene search
K

152 matches found

CNVD
CNVD
added 2019/06/03 12:0 a.m.1 views

SQL Injection Vulnerability in B2C_UQ Cloud Business System

UQ Cloud Business System B2C version is a compact e-commerce system, the platform is developed by PHP7.0+Mysql. B2CUQ Cloud Business System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

7.8AI score
Exploits0
Prion
Prion
added 2019/05/22 8:29 p.m.15 views

Design/Logic Flaw

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands...

9CVSS8.8AI score0.01721EPSS
Exploits1References1Affected Software59
Cvelist
Cvelist
added 2019/05/22 7:35 p.m.22 views

CVE-2018-7829

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands...

8.9AI score0.01721EPSS
Exploits1References1
CVE
CVE
added 2019/05/22 7:35 p.m.78 views

CVE-2018-7829

The CVE-2018-7829 entry affects Schneider Electric Pelco Sarix/Spectra Cameras (Sarix Enhanced and Spectra Enhanced PTZ) with an improper neutralization of special elements in a query that enables an attacker to execute arbitrary OS commands. The ZeroScience ZSL-2017 report details an authenticat...

9CVSS8.8AI score0.01721EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/11/07 7:29 p.m.3 views

CVE-2018-19092

An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie...

6.1CVSS5.8AI score0.00865EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/18 12:0 a.m.1 views

SQL injection vulnerability in ZZCMS version 8.3 zs***.php file (CNVD-2018-19951)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the zs.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...

7.6AI score
Exploits0
Hacker One
Hacker One
added 2018/08/13 2:44 p.m.51 views

Ruby on Rails: Validation bypass for queries generated for PostgreSQL

When using DB for PostgreSQL, I discovered that if a parameter of a query contains null character, there is a pattern in which subsequent strings are lost. how to reproduce Prepare the environment $ rails new postgresqlrails -TB --database=postgresql $ cd postgresqlrails $ bundle exec ruby -v rub...

0.5AI score
Exploits0
CNVD
CNVD
added 2018/08/03 12:0 a.m.1 views

Yixing Yulu Media Co., Ltd. website construction system suffers from SQL injection vulnerability

Yixing Yulu Media Co., Ltd. is to provide enterprises with the most comprehensive, thoughtful, professional Internet solutions, to provide WeChat small program, WeChat public number, domain name registration, web hosting, enterprise mailboxes, website construction, website development, website...

7.6AI score
Exploits0
Prion
Prion
added 2018/06/08 12:29 p.m.20 views

Information disclosure

Splunk through 7.0.1 allows information disclosure by appending raw/services/server/info/server-info?outputmode=json to a query, as demonstrated by discovering a license key...

5CVSS5AI score0.98371EPSS
Exploits7References3Affected Software1
CVE
CVE
added 2018/06/07 2:0 a.m.81 views

CVE-2017-16082

CVE-2017-16082 is a remote code execution vulnerability in the pg module that triggers when the remote database or query returns a crafted column name. The provided connected documents show two vulnerable scenarios: (1) unsafe, user-supplied SQL containing a malicious column name, and (2) queryin...

9.8CVSS9.6AI score0.10513EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/03/28 12:0 a.m.5 views

The vulnerability of the NVBUJobHistory Get request handler in the NetVault Backup software allows a attacker to execute arbitrary code.

The vulnerability of the NVBUJobHistory Get request handler in the NetVault Backup software for data archiving and restoration is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

9.8CVSS6.1AI score0.03933EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/02/08 6:29 p.m.5 views

CVE-2017-17652

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results fr...

9.8CVSS6.2AI score0.03933EPSS
Exploits0References1
OSV
OSV
added 2018/02/08 6:29 p.m.5 views

CVE-2017-17416

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue...

9.8CVSS6.2AI score0.03933EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2018/02/05 6:3 p.m.15 views

the-outpost.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-553529 Description| Value ---|--- Affected Website:| the-outpost.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
CNVD
CNVD
added 2017/12/21 12:0 a.m.1 views

SQL Injection Vulnerability in ThinkLC V3.5 Classified Information System tops.php Page

ThinkLC Classified Information System is a local classified information system built on PHP+MYSQL development. A SQL injection vulnerability exists in the ThinkLC V3.5 Classified Information System tops.php page due to the program failing to adequately filter user-supplied input. An attacker can...

7.3AI score
Exploits0
Prion
Prion
added 2017/10/19 5:29 p.m.16 views

Code injection

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Query. Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

5.8CVSS5.1AI score0.0147EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/09/06 12:0 a.m.3 views

SQL Injection Vulnerability in SDCMS v1.2 Tag Lists

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. SDCMS v1.2 version of the label list exists SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information...

7.8AI score
Exploits0
CNVD
CNVD
added 2017/03/20 12:0 a.m.2 views

Microsoft Windows Information Disclosure Vulnerability (CNVD-2017-03748)

Microsoft Windows is a series of operating systems released by Microsoft Corporation.DNS Query is one of the DNS query components. An information disclosure vulnerability exists in DNS Query in Microsoft Windows. A remote attacker can exploit this vulnerability to obtain sensitive information by...

4.3CVSS6.1AI score0.13958EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.0 views

TYPO3 without PHP extension SQL injection vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the TYPO3 Association in Switzerland.Browser - TYPO3 without PHP Browser is one of the extensions that enable browsers to develop TYPO3 without PHP code. A SQL injection vulnerability exists in TYPO3 without...

8AI score
Exploits0References1
CNVD
CNVD
added 2015/04/14 12:0 a.m.2 views

WordPress Plugin All In One WP Security & Firewall admin/wp-security-list-login-fails.php SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.All In One WP Security & Firewall Plugin for WordPress is a Wordpress Security Plugin. The All In One WP Security &...

7.9AI score
Exploits0References1
Rows per page
Query Builder