CVE-2020-4669

IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID:...

Universal Password Login Vulnerability in the Legal Knowledge Database System of Hangzhou Fayuan Software Co.

The Legal Knowledge Database System is a comprehensive database knowledge system containing various types of data resources. A universal password login vulnerability exists in the Legal Knowledge Database System of Hangzhou Law Source Software Co. An attacker can exploit the vulnerability to obta...

Bosch FSM-2500 server and Bosch FSM-5000 server hard-coded vulnerability

Bosch FSM-2500 and Bosch FSM-5000 are both panel-ready fire control systems from Bosch of Germany. Bosch FSM-2500 and Bosch FSM-5000 suffer from a hard-coded vulnerability that could be exploited by remote attackers to submit special requests to gain unauthorized access to the database system wit...

Oracle MySQL 安全漏洞

Oracle MySQL is an open source relational database management system.MySQL Server mysqld is the MySQL server, the main program that performs most of the work in a MySQL installation. An unspecified vulnerability exists in the InnoDB component of Oracle MySQL Server 8.0.21 and earlier versions. An...

Unauthorized Access Vulnerability in Feifei Movie Navigation System

Fei Fei Movie Navigation System is developed by PHP+Mysql technology, which can run on windows and Linux system platform. There is an unauthorized access vulnerability in Feifei Movie Navigation System, which can be exploited by attackers to obtain sensitive information...

File Containment Vulnerability in DM Building System (CNVD-2020-40756)

DM enterprise building system is developed by php + mysql a set of specialized in small and medium-sized enterprise website construction of open source cms. DM website builder system has a file containment vulnerability , attackers can exploit the vulnerability to obtain server privileges...

Arbitrary Code Execution Vulnerability in Multiple Versions of Intimate Home Care Intimate Cat (imcat)

Intimate Cat imcat is a general-purpose website system designed in PHP+MySQL architecture. Arbitrary code execution vulnerability exists in several versions of Intimate Home Care Intimate Cat imcat. An attacker can exploit the vulnerability to execute arbitrary code and gain server privileges...

Unauthorized Access Vulnerability in EML Enterprise Contacts Management System of Yisoftone.com

EML enterprise address book management system is based on Linux open kernel and Apache based Php+Mysql intelligent B/S interactive service system. EML Enterprise Address Book Management System of YisoftStone.com has an unauthorized access vulnerability, which can be exploited by attackers to caus...

Arbitrary File Deletion Vulnerability in HuCart

HuCart is a PHP+Mysql based enterprise building system that can run on various server platforms such as Linux and Windows. HuCart has an arbitrary file deletion vulnerability that can be exploited by attackers to arbitrarily delete server files...

HuCart Enterprise Building System v5.7.7 has file upload vulnerability

HuCart is a PHP+Mysql based enterprise building system CMS that can run on various server platforms such as Linux and Windows. A file upload vulnerability exists in HuCart Enterprise CMS v5.7.7, which can be exploited by attackers to upload arbitrary files...

Heybbs Micro Community v1.2 suffers from SQL injection vulnerability (CNVD-2020-23505)

HEYBBS micro-community is a front-end based on bootstrap+jq+css, back-end php+mysql development of micro-community program. Heybbs Micro Community v1.2 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

Command Execution Vulnerability in RGCMS

RuiGu information management system RGCMS is a set of open source building management system, using PHP language, written in the framework of Thinkphp5.1.+, the database using MYSQL database. RGCMS has a command execution vulnerability that can be exploited by attackers to gain control of the web...

SQL Injection Vulnerability in Heybbs Micro Community

Heybbs micro community is a front-end based on bootstrap + js + css, back-end php + mysql development of community programs. Heybbs Micro Community suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

CVE-2020-4230

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212...

HadSky has an XSS vulnerability

HadSky Light Forum is a newborn original PHP MySQL open source system , the main goal is to achieve light , fast , simple , full , 100% original open source system . HadSky XSS vulnerability , attackers can exploit the vulnerability to obtain administrator cookie information...

File Upload Vulnerability in RGCMS

RuiGu information management system RGCMS is a set of open source building management system, using PHP language, written in the framework of Thinkphp5.1.+, the database using MYSQL database. RGCMS has a file upload vulnerability. Attackers can use the vulnerability to obtain server privileges...

CVE-2019-2956

Vulnerability in the Core RDBMS jackson-databind component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocol...

CVE-2018-1799

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429...

IBM DB2 Privilege Mobilization Vulnerability (CNVD-2018-22926)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A privilege extraction vulnerability exists in all revision packages of several versions of IBM DB2...

IBM DB2 Buffer Overflow Vulnerability (CNVD-2018-20058)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A buffer overflow vulnerability exists in the 'db2licm' tool in IBM DB2 including DB2 Connect Server...