1985 matches found
Insecure password leads to Mangatoon data breach
The hugely popular Manga comics platform Mangatoon has fallen victim to a data breach. No fewer than 23 million user accounts could be at risk, thanks to a poorly secured database. Worse still, Mangatoon doesn't seem to be responding to messages from the breacher, or people notifying it that the...
Hospital Management System SQL Injection Vulnerability (CNVD-2022-74093)
Hospital Management System is a computer system that helps manage health care-related information and helps health care providers do their jobs efficiently. Hospital Management System v1.0 is vulnerable to a SQL injection vulnerability that originates in the orders.php page's An SQL injection iss...
CVE-2022-22367
IBM UrbanCode Deploy UCD 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008...
Prison Management System SQL Injection Vulnerability (CNVD-2022-48397)
Prison Management System is a prison management system by individual developer Carlo Montero. Prison Management System v1.0 contains a SQL injection vulnerability that originates in /pms/admin/visits/managevisit.php. The vulnerability is caused by the lack of SQL data filter...
Prison Management System SQL Injection Vulnerability (CNVD-2022-48401)
Prison Management System is a prison management system by individual developer Carlo Montero. Prison Management System v1.0 is vulnerable to SQL injection, which originates in /pms/admin/inmates/viewinmate.php. The vulnerability is caused by the lack of SQL data filter escapin...
Prison Management System SQL Injection Vulnerability (CNVD-2022-48389)
Prison Management System is a prison management system by individual developer Carlo Montero. Prison Management System v1.0 is vulnerable to SQL injection: the id parameter of /pms/admin/actions/manageaction.php lacks SQL data filter escaping, an attack...
Prison Management System SQL Injection Vulnerability (CNVD-2022-48395)
Prison Management System is a prison management system by individual developer Carlo Montero. Prison Management System v1.0 is vulnerable to SQL injection: the id parameter of /pms/admin/inmates/managerecord.php lacks SQL data filter escaping, an attack...
Jfinal CMS SQL Injection Vulnerability (CNVD-2022-58382)
Jfinal CMS is a powerful information-consulting website system developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. Jfinal CMS version v5.1.0 has a SQL injection vulnerability that originates from...
MGASA-2022-0239 Updated 389-ds-base packages fix security vulnerability
An access control bypass vulnerability was found in 389-ds-base. The issue is a mishandling of the filter that would yield incorrect results, but as that has progressed, it can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows...
How the Evolution of Agents has Been Essential for Modern Database Security
In today’s data-driven world, every organization’s most important asset is its data. Accordingly, and similarly to other protected components like applications, web and peripheral gateways, databases require a dedicated security solution as well. An essential database security solution must...
CVE-2022-34174
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
Default credentials
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
Sourcecodester Hospital Patient Records Management System SQL Injection Vulnerability (CNVD-2022-48747)
Sourcecodester Hospital Patient Records Management System is a web-based application that provides an automated platform for hospitals to store and manage their patient records. Sourcecodester Hospital Patient Records Management System is vulnerable to a SQL injection vulnerability that originate...
Student Registration and Fee Payment System SQL Injection Vulnerability
Student Registration and Fee Payment System is a student registration and fee payment management system. Student Registration and Fee Payment System v1.0 is vulnerable to SQL injection, which originates from missing SQL data filtering and escaping in /scms/student.php. An attacker could use this...
SourceCodester Bank Management System SQL Injection Vulnerability
Bank Management System is a bank management system. SourceCodester Bank Management System is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
CVE-2021-41672
PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrieve information from the database...
CVE-2022-31046
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...
WordPress amtyThumb plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. WordPress plugin is an application plugin. WordPress amtyThumb plugin 4.2.0 and earlier versions are vulnerable to SQL injection, which stems fr...