Bakeshop Inventory System SQL Injection Vulnerability
Bakeshop Inventory System is a bakery inventory management system. A SQL injection vulnerability exists in Bakeshop Inventory System version 1.0. A remote attacker can use the login page to view, add, modify, or delete information in the back-end database...
Cisco MATE Live Input Validation Vulnerability
Cisco MATE Live is a suite of network operations solutions from Cisco. The solution navigates and performs in-depth network analysis of current and historical data to make critical business and technology decisions. An input validation vulnerability exists in the web interface in Cisco MATE Live...
Cisco HyperFlex System system logging information disclosure vulnerability
Cisco HyperFlex System is a data platform appliance from Cisco, a US company. System logging is one of its system loggers. An information disclosure vulnerability exists in system logging on the Cisco HyperFlex System, which arises from the program's failure to properly mask sensitive...
The vulnerability of the IBM Security Guardium information protection mechanism lies in its lack of protection for SQL query structures. This allows attackers to view, add, modify, or delete data.
The vulnerability of the IBM Security Guardium security tool relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely access, view, add, modify, or delete data using specially crafted SQL statements...
CVE-2017-1311
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719...
Dokodemo eye Smart HD SCR02HD Unauthorized Access Vulnerability
Dokodemo eye Smart HD SCR02HD is a wireless monitor from NIPPON ANTENNA. An unauthorized access vulnerability exists in the Dokodemo eye Smart HD SCR02HD, which can be exploited by a remote attacker to view sensitive information and modify configuration...
McAfee Network Data Loss Prevention Elevation of Privilege Vulnerability
McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention (NDLP) suffers from an elevation of privilege vulnerability in the server implementation, which can be exploited by remote attackers to view confidential information by modifying HTTP...
SQL Injection Vulnerability in Province_city1.php File of Ohu Government System
Ohuhu government system is the government portal system of Shanghai Ohuhu Network Technology Co. A SQL injection vulnerability exists in the provincecity1.php file of the Ohuhu government system. An attacker can exploit this vulnerability to execute arbitrary SQL statements and obtain sensitive...
The vulnerability in Microsoft .NET Framework software allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.
A vulnerability that allows for remote execution of code exists in the Microsoft .NET Framework. This vulnerability is related to incorrect handling of localized resource identifiers. Exploiting this vulnerability enables a malicious individual to gain full control over the system. They can then...
UBUNTU-CVE-2014-6276
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details...
Microsoft Windows Graphics Memory Corruption Vulnerability (CNVD-2015-08116)
Microsoft Windows is a series of operating systems released by the American company Microsoft. A memory corruption vulnerability exists in the Windows font library of Microsoft Windows. The vulnerability exists because the program does not properly handle specially designed embedded fonts. A remo...
Piwik Local File Containment Vulnerability
Piwik (formerly known as phpMyVisites) is an open source website access statistics system based on PHP5 and MySQL. A local file inclusion vulnerability exists in the core/ViewDataTable/Factory.php script in Piwik versions prior to 2.15.0. A remote attacker can exploit this vulnerability to include...
MATCHA INVOICE vulnerable to SQL injection
Overview: MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains multiple SQL injection (CWE-89) vulnerabilities. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Microsoft Graphics Component Memory Corruption (MS14-007) - Ver2 (CVE-2014-0263)
A remote code execution vulnerability has been reported in Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted GIF files. A remote attacker can exploit this issue by enticing a user to view GIF files in shared content. Successful exploitatio...
Google Privacy Director Alma Whitten Leaving
Alma Whitten, the director of privacy at Google, is stepping down from that role and leaves behind her a complicated legacy in regards to user privacy. Whitten has been the company’s top product and engineering privacy official since 2010 and was at the helm as the company navigated a number of...
Q&A: Evercookie Creator Samy Kamkar
Samy Kamkar has been making quite a bit of noise lately, beginning with his release of the Evercookie earlier this month and continuing with his talk at the SecTor conference this week on novel methods for stealing users’ cookies without any browser bugs. In this interview, he discusses both of...
MODx vulnerable to SQL injection
Overview: MODx provided by The MODx CMS Project contains a SQL injection vulnerability. MODx provided by the MODx CMS Project is a Contents Management System (CMS) software. MODx contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerabili...