324 matches found
CVE-2021-3833 Integria IMS incorrect authorization
Integria IMS login check uses a loose comparator "==" to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specifically formatted password could exploit this vulnerability in order to log in to the system with different passwords...
SQL Injection Vulnerability in File Server Configuration Management System of UFIDA Network Technology Co.
Founded in 1988, UFIDA is a global provider of advanced cloud services, software, and financial services for enterprises and public organizations. A SQL injection vulnerability exists in the File Server Configuration Management System of UFIDA Network Technology Co., Ltd. that can be exploited by...
SQL Injection Vulnerability in Water Information Management Platform of Shandong Weimicro Technology Co.
Established in 1992, Shandong Weimicro Technology Co., Ltd. is a science and technology-oriented enterprise mainly engaged in technology research and development. A SQL injection vulnerability exists in the water information management platform, which can be exploited by attackers to obtain...
SQL Injection Vulnerability in Library Cluster Management System of Guangzhou Tutron Computer Software Development Co.
Guangzhou Tutron Computer Software Development Co., Ltd. is a high-tech enterprise integrating product research and development, application integration and customer service, with the main goal of providing high-quality application software system design, integration and maintenance services for users in the library industry. There is a SQL...
SQL Injection
FUEL CMS 1.4.8 allows SQL injection via the 'fuelreplaceid' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
SQL Injection Vulnerability in BPM Business System of Shanghai Yizheng Information Technology Co.
Shanghai Yizheng Information Technology Co., Ltd. was founded in January 2008, specializing in providing enterprise customers with BPM Business Process Management system development, sales and customized business process management solution services. A SQL injection vulnerability exists in the BPM business system of Shanghai Yizheng...
CMSsite 1.0 - 'search' SQL Injection
Exploit Title: CMSsite 1.0 - 'search' SQL injection; Exploit Author: Majid kalantari; Date: 2019-01-27; Vendor Homepage: https://github.com/VictorAlagwu/CMSsite; Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip; Version: 1.0; Tested on: Windows 10; CVE: N/A...
Fedora 29 : spatialite-tools / sqlite (2018-ccbe8b931c)
Security fix for fts3/4 corrupt database exploit; sqlite rebased to version 3.26.0 per https://sqlite.org/releaselog/3260.html; spatialite-tools rebuilt for latest sqlite version. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
Fedora 28 : sqlite (2018-5f91fbf4fd)
Security fix for fts3/4 corrupt database exploit. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Getsploit v0.2.2 - Command Line Utility For Searching And Downloading Exploits
Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate exploit source download right in...
SAT CFDI 3.3 SQL Injection
Exploit Title: SAT CFDI 3.3 - SQL Injection; Dork: N/A; Date: 2018-05-23; Exploit Author: Özkan Mustafa Akkuş (AkkuS); Vendor Homepage: https://www.wecodex.com/item/view/verification-and-validation-system-sat-cfdi-33/8; Version: 3.3; Category: Webapps; Tested on: Kali linux; Description: PHP Dashboards is...
CVE-2017-6972
creationtimestamp | type | source
---|---|---
2017-07-11 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/42314...
CVE-2017-0288
creationtimestamp | type | source
---|---|---
2017-06-23 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/42241...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The attacker must be authenticated as an administrative user to execute SQL database queries. The...
Ktools Photostore 4.7.5 Blind SQL Injection
Title: Ktools Photostore = 4.7.5 Pre-Authentication Blind SQL Injection; CVE-ID: CVE-2016-4337; Google Dork: inurl:mgr.login.php; Product: Photostore; Affected: Versions prior to 4.7.5; Impact: Critical; Remote: Yes; Website link: http://www.ktools.net; Reported: 02/06/2016; Authors: Gal Goldshtei...
SolarWinds Web Performance Monitor (WPM) < 2.2 Multiple SQLi Vulnerabilities
SolarWinds Web Performance Monitor (WPM) is prone to multiple SQL injection (SQLi) vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
WordPress All In One WP Security Plugin 3.8.2 - SQL Injection
This WordPress All In One WP Security plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...
WSN Forum 1.21 Memberlist.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15549/info WSN Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
DZOIC Handshakes 3.5 - 'fname' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29353/info DZOIC Handshakes is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
DUportal 3.1.2 channel.asp iChannel Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13288/info DUportal/DUportal SQL are prone to multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful...