
8 matches found

CNNVD
added 2022/01/20 12:0 a.m. | 1 view

code-projects Pharmacy Management SQL injection vulnerability

code-projects Pharmacy Management is a pharmacy management system. A SQL injection vulnerability exists in code-projects Pharmacy Management because the username parameter in the product administrator login form does not effectively filter special characters in the input data. The vulnerability c...

CVSS 9.8 | AI score 8.6 | EPSS 0.00307
Exploits: 1 | References: 2
NVD
added 2020/09/09 7:15 p.m. | 11 views

CVE-2020-15785

A vulnerability has been identified in Siveillance Video Client All versions. In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid...

CVSS 5.3 | EPSS 0.00355
Exploits: 0 | References: 2
Prion
added 2020/06/04 7:15 p.m. | 9 views

Privilege escalation

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional...

CVSS 6.5 | AI score 8.9 | EPSS 0.00186
Exploits: 3 | References: 3 | Affected Software: 1
CVE
added 2020/06/04 6:31 p.m. | 57 views

CVE-2020-11679

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation via Adminstrator/Users/Edit/:UserId, where requests aren’t checked for admin authority, enabling a normal user to add roles and gain administrator privileges. The issue is fixed in v1.0.1 per linked disclosures; CVSS data in sources ...

CVSS 8.8 | AI score 8.9 | EPSS 0.00186
Exploits: 3 | References: 3 | Affected Software: 1
Prion
added 2019/08/14 5:15 p.m. | 18 views

Design/Logic Flaw

Clickjack vulnerability in the Administrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe, because the console does not send an X-Frame-Options HTTP header...

CVSS 5.8 | AI score 6.8 | EPSS 0.00273
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2019/08/14 4:20 p.m. | 11 views

CVE-2019-3639 MWG UI: Cross-Frame Scripting vulnerability

Clickjack vulnerability in the Administrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe, because the console does not send an X-Frame-Options HTTP header...

CVSS 7.1 | AI score 6.8 | EPSS 0.00273
Exploits: 0 | References: 1
Cvelist
added 2019/07/24 2:28 p.m. | 12 views

CVE-2019-3595 DLP Endpoint ePO extension not sanitizing CSV exports

Improper Neutralization of Special Elements used in a Command ('Command Injection') in the ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows an authenticated Administrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is...

CVSS 2 | AI score 6.8 | EPSS 0.00192
Exploits: 0 | References: 2
seebug.org
added 2015/09/18 12:0 a.m. | 62 views

Seagate BlackArmor NAS device static administrator Password Reset vulnerability

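The Seagate BlackArmor NAS router allows the administrator password to be reset without any authorization, and it can be reset to an arbitrary password through the first-time setup wizard. The file http://<target IP address>/d41d8cd98f00b204e9800998ecf8427e.php can be accessed directly, after which the administrator password can be reset. ...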

AI score 7.1
Exploits: 0