Stored Cross-site Scripting and SQL Injection Vulnerabilities in YXcms Backend Membership Management System
YXCMS is an efficient website management system built on PHP+MYSQL. Stored cross-site scripting and SQL injection vulnerabilities exist in the YXcms backend member management system. An attacker can exploit the vulnerabilities to obtain information such as database information and user cookies,...
SQL Injection Vulnerability in State Micro CMS School Crowd System
State Micro CMS (formerly the PHP168 S series) is a leading manufacturer of domestic government, school and group platforms, and is also the largest open source system provider in the field of PHP in southern China. The State Micro CMS school station group system has a SQL injection vulnerability; attackers...
CVE-2018-9102
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for...
Apache Fineract SQL Injection Vulnerability (CNVD-2018-09808)
Apache Fineract is an open source digital financial services platform from the U.S.-based Apache Software Foundation. The platform can provide users with data management, loan and savings portfolio management, real-time financial data and other functions. An SQL injection vulnerability...
SQL Injection Vulnerability in Duoduocms V8.3_UTF8_20180131 Official Version
The DuoDuo rebate system is an open source PHP rebate site system that provides solutions for e-commerce rebates and shopping guides. A SQL injection vulnerability exists in the official version of DuoDuoRebate duoduocms V8.3_UTF8_20180131. The vulnerability stems from the system on the parameters of the...
Zoho ManageEngine Desktop Central Database Query Type Restriction Under-Execution Vulnerability
ZOHO ManageEngine Desktop Central (DC) is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A security...
Zhengzhou Yuanchen Culture Communication Co., Ltd. website construction system has SQL injection vulnerabilities
Zhengzhou Yuanchen Culture Communication Co., Ltd. is a high-tech enterprise engaged in the Internet, specializing in providing a full set of e-commerce solutions for many enterprises. There is a SQL injection vulnerability in the website construction system of Zhengzhou Yuanchen Culture...
SQL Injection Vulnerability in CMS of Wuhan Tengfei Liren E-commerce Co.
A SQL injection vulnerability exists in the CMS of Wuhan Tengfei Liren E-commerce Co. An attacker can exploit this vulnerability to obtain sensitive information in the database...
Xuzhou Xunbang Technology Co., Ltd. website construction system has SQL injection vulnerabilities
Xuzhou Xunbang Technology Co., Ltd. is engaged in enterprise website design and production, shopping mall website production, marketing website production, mobile APP development, WeChat public platform, cell phone / micro-site production, Baidu optimization and promotion, 360 search promotion,...
The vulnerability in the `track_import_export.php` script of the U.motion builder system allows a perpetrator to execute arbitrary SQL queries against the database.
The vulnerability in the `track_import_export.php` script of the U.motion builder system, a system for managing industrial and residential buildings, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL...
Navarino Infinity SQL Injection Vulnerability
Navarino Infinity is a maritime bandwidth management and optimization solution from Navarino of Greece. The solution can be used to equip many types of vessels. A SQL injection vulnerability exists in Navarino Infinity version 2.1.7. A remote attacker could exploit the vulnerability to inject SQL...
Anhui Zhishengyuan Information Technology Co., Ltd. website construction system has SQL injection vulnerabilities
Anhui Zhishengyuan Information Technology Co., Ltd. is an e-commerce operator with Internet technology as its core. There is a SQL injection vulnerability in the website construction system of Anhui Zhishengyuan Information Technology Co. An attacker can exploit the vulnerability to obtain...
Foreman SQL Injection Vulnerability
Foreman is a complete lifecycle management tool for physical and virtual servers. A SQL injection vulnerability exists in Foreman versions prior to 1.16.1. The vulnerability arises due to an input validation flaw in the id field in Foreman's dashboard controller. An attacker can exploit the...
UBUNTU-CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
ALPINE-CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
Wireshark CQL Parser Infinite Loop Vulnerability
Wireshark (formerly Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. The CQL dissector is one of the CQL query language parsers. A security vulnerability exists i...
The vulnerability of the NVBUBackup request handler in the NetVault Backup software for data archiving and restoration allows a perpetrator to execute arbitrary code.
The vulnerability of the NVBUBackup request handler in software for data archiving and restoration by NetVault Backup is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the NVBUJobCountHistory Get request handler in the NetVault Backup software allows an attacker to execute arbitrary code.
The vulnerability of the NVBUJobCountHistory Get request handler in the NetVault Backup software for data archiving and restoration is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the NVBUPhaseStatus GetPlugins request handler in NetVault Backup software allows an attacker to execute arbitrary code.
The vulnerability of the NVBUPhaseStatus GetPlugins handler in NetVault Backup software relates to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...