279 matches found
SQL Injection Vulnerability in OneKey Education Cloud Disk Service Platform of Orient Boguan (Beijing) Technology Co.
The OneKey Education Cloud Disk Service Platform supports multiple platforms such as Web, PC, and Android cell phone clients for cross-platform and cross-terminal file sharing and anytime, anywhere access. There is a SQL injection vulnerability in the OneKey Education Cloud Disk Service Platform ...
CVE-2020-9309
SilverStripe CMS up to version 4.5 is vulnerable to script execution via malicious upload contents, when files with allowed extensions are stored as protected or draft and MIME detection causes browsers to run the file contents. Affected component/file: uploads handling (protected/draft state) an...
CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
Eight images with SQL injection vulnerability
Eight Pictures is a web platform that allows you to encrypt pictures with QR codes. Eight Pictures suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Shop7z Online Shopping System Fashion Edition of Shijiazhuang Zhenghong Network Technology Co.
Shop7z online shopping system is ASP online store platform software. Shijiazhuang City Zhenghong Network Technology Co., Ltd Shop7z online shopping system fashion version of the existence of SQL injection vulnerability, an attacker can use the vulnerability to obtain sensitive information in the...
SQL injection vulnerability in SeaCMS backend (CNVD-2019-45354)
SeaCMS is a station building system based on PHP+MYSQL architecture and supports cross-platform operation. There is a SQL injection vulnerability in the background of SeaCMS, which can be exploited by attackers to obtain sensitive database information...
cPanel Competitive Conditions Issue Vulnerability
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A Competing Conditions Issue vulnerability exists in versions of cPanel prior to 58.0.4. The vulnerability stems from improper...
cPanel Authorization Issues Vulnerability (CNVD-2019-36126)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An authorization issue vulnerability exists in cPanel. Detailed vulnerability details are not available at this time...
JetBrains YouTrack server code execution vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A code execution vulnerability exists in the JetBrains YouTrack server. The vulnerability...
SWIFT Alliance Web Platform Unauthorized File Modification Vulnerability
SWIFT Alliance Web Platform is SWIFT Belgium's suite of graphical user interface software for the SWIFT Alliance family of products. A security vulnerability exists in SWIFT Alliance Web Platform version 7.1.23. An attacker could exploit the vulnerability to tamper with log file names and error l...
CVE-2018-16386
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...
Design/Logic Flaw
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...
CVE-2018-16386
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...
CVE-2018-16386
SWIFT Alliance Web Platform 7.1.23 is affected. The issue is a log injection vulnerability where PATH_INFO to swp/login/EJBRemoteService/ can lead to arbitrary log filename and injection in error logs (null@java:comp/env/ error messages) as described in CVE-2018-16386 entries. The connected docum...
[SECURITY] Fedora 29 Update: wpewebkit-2.24.1-1.fc29
WPE allows embedders to create simple and performant systems based on Web platform technologies. It is designed with hardware acceleration in mind, leveraging common 3D graphics APIs for best performance...
Highly Critical Drupal CMS Flaw Affects Millions of Websites
The Drupal open-source content management system platform has issued an advisory for a highly critical remote-code execution RCE flaw in the Drupal core. The vulnerability CVE-2019-6340 arises from the fact that “some field types do not properly sanitize data from non-form sources,” according to...
S-CMS hospital website builder system b***.php file suffers from SQL injection vulnerability
S-CMS hospital station building system is developed by asp+access/mssql, easy to operate, convenient, support PC+mobile+WeChat. There is a SQL injection vulnerability in the b.php file of S-CMS Hospital Building System. Attackers can use the vulnerability to obtain sensitive information in the...
Fiserv Flaw Exposed Customer Data at Hundreds of Banks
Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned. Brookfield, Wisc.-based Fiserv...