Siemens SICAM SIAPP SDK has multiple vulnerabilities
The SICAM SIAPP SDK is a specialized toolkit designed to help developers build and simulate application containers that run on Siemens-specific hardware platforms. The Siemens SICAM SIAPP SDK contains multiple vulnerabilities that can be exploited by an attacker to compromise a customer-developed...
Unspecified vulnerability in mall-swarm
mall-swarm is a microservice mall system. There is a security vulnerability in mall-swarm, which originates from the mishandling of the orderID parameter in the paySuccess function in the file /order/paySuccess; no detailed vulnerability information is available at this time...
WordPress ELEX WooCommerce Advanced Bulk Edit Products,Prices&Attributes SQL Injection Vulnerability
WordPress ELEX WooCommerce Advanced Bulk Edit Products,Prices&Attributes is a plugin for bulk editing of WooCommerce product information, prices and attributes with support for Simple, Variant, External and Bundled products. WordPress ELEX WooCommerce Advanced Bulk Edit Products,Prices&Attributes...
Simple Online Hotel Reservation System add_account.php File SQL Injection Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter name/adminid in the file...
File Upload Vulnerability in YouDianCMS v9.0
YouDianCMS combines a desktop website, mobile website, WeChat, app and mini program in one system, with shared space and automatic data synchronization; it is a domestic open-source five-in-one site solution. YouDianCMS v9.0 has a file upload vulnerability, which can be exploited by attackers to gain...
md4c denial of service vulnerability (CNVD-2020-58044)
md4c (Markdown for C) is an individual developer's implementation of a Markdown parser in C. It is a parser that can be used from a variety of languages. A denial of service vulnerability exists in md_push_block_bytes in md4c.c in md4c 0.4.5. An attacker can trigger the use of uninitialized memory via a...
Arbitrary file deletion vulnerability in ESPCMS Te***.php file
ESPCMS is a content management system (CMS) based on PHP and MySQL. An arbitrary file deletion vulnerability exists in the ESPCMS Te***.php file. An attacker can exploit the vulnerability to delete arbitrary files, resulting in a duplicate installation of the website...
Cryptographic Algorithm Vulnerability in ABB Industrial Robot Teach Pendant
ABB China Ltd. is committed to providing solutions for customers in the industrial, energy, power, transportation and construction sectors. A vulnerability exists in the encryption algorithm of the ABB industrial robot teach pendant. The vulnerability can be exploited by an attacker to crack the...
SQL injection vulnerability in the ph***_co*** parameter of the JEGallery component of Joomla!
Joomla! is a content management system developed with the PHP language and the MySQL database. A SQL injection vulnerability exists in the ph***_co*** parameter of the Joomla! JEGallery component, which can be exploited by an attacker to obtain sensitive information from the database...
USDT has a fake top-up vulnerability
USDT is a token based on P2P transactions. The vulnerability stems from a flaw in the logic exchanges use to confirm that a USDT top-up transaction succeeded: they do not check whether the value of the valid field in the transaction details on the blockchain is true, resulting in a "fake...
SQL Injection Vulnerability in Ocean CMS
Ocean CMS is a content management system designed to meet the core needs of site owners: a single program that adapts to computer, cell phone, tablet and app entry points, ships without any encrypted code, and is presented as a safe and secure site-building tool. Ocean CMS has SQL injection...
Buffer overflow vulnerability in multiple Huawei products (CNVD-2020-36733)
Huawei AP2000 and others are products of Huawei, China. Huawei AP2000 is a wireless access point device. Huawei IPS Module is an intrusion prevention system (IPS) module. NGFW Module is a next-generation firewall (NGFW) module. A buffer error vulnerability exists in multiple Huawei products that arises...
X5music Music Management System frontend ne***.php file has SQL injection vulnerability
The X5music music management system is a set of open source music products. A SQL injection vulnerability exists in the front-end ne***.php file of the X5music music management system. An attacker can exploit the vulnerability to obtain sensitive information in the database...
Wuxi Time Network Technology Co., Ltd. website building system has SQL injection vulnerabilities
Time Network is a service outsourcing enterprise that integrates the development of network application technology, creative website design, network marketing and promotion services, and provides a full set of network marketing solutions, and is a professional company that focuses on...
Hao Chen CAD Viewing King suffers from dll hijacking vulnerability
HaoChen CAD Viewer (original name: HaoChen YunDu) is free CAD software that supports opening all versions of dwg-format drawings online and is fully compatible with AutoCAD, Tianzheng CAD and other CAD software. HaoChen CAD Viewer has a dll...
S-CMS php version enterprise website builder system v3.0 backend aj***.php C**_1y*** parameter SQL injection vulnerability
The S-CMS enterprise website building system is a product developed by Zibo Shining Network Technology Co., Ltd. as a specialized solution for building enterprise websites. In the PHP version of the S-CMS enterprise website building system v3.0, the C**_1y*** parameter of the backend aj***.php file has a SQL injection...
WordPress wp-all-import plugin security feature issue vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-all-import is an XML and CSV file import plugin for it. The WordPress wp-all-import plugin has a security feature issue...
SQL Injection Vulnerability in PHPMyWind mem***_up***.php File
PHPMyWind is a W3C standards-compliant site building engine based on PHP and MySQL. A SQL injection vulnerability exists in the PHPMyWind mem***_up***.php file. An attacker can exploit this vulnerability to obtain sensitive database information...
PowerDNS Authoritative Server Module Cross-Site Scripting Vulnerability
PowerDNS Recursive Server is a high-end name resolution server. A cross-site scripting vulnerability exists in PowerDNS Recursor 4.0.6 and earlier versions, which can be exploited by an attacker to execute arbitrary code in a user's browser at an affected site...
ThinkPHP5 PDO Authenticity Preprocessing suffers from SQL Injection Vulnerability
ThinkPHP V5.0 is a high-performance framework designed for API development. A SQL injection vulnerability exists in ThinkPHP5 PDO authenticity preprocessing. The vulnerability is caused by controlling the value position of the in statement, i.e. by passing in an array, leading to a SQL injection...