3898 matches found
CVE-2021-37614
In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an...
Progress Software MOVEit Transfer SQL Injection Vulnerability
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A SQL injection vulnerability exists in Progress Software MOVEit Transfer, which stems from a SQL injection in the MOVEit Transfer web application that could allow an authenticated, remote attacker...
Default credentials
In the Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, users' cleartext passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the...
CVE-2021-33325
The CVE-2021-33325 entry documents a vulnerability in the Portal Workflow module of Liferay Portal (versions: 7.3.2 and earlier) and Liferay DXP (7.0 before fix pack 93, 7.1 before fix pack 19, 7.2 before fix pack 7) where cleartext passwords are stored in the database when workflow is enabled fo...
Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe
Most digital applications we work on require some type of credentials: to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials, a.k.a. ‘Secrets’, are pieces of user or system level...
Eaglesoft Trust Management Issue Vulnerability
Eaglesoft is a software application. Eaglesoft is dental software that we call PMS or Practice Management Software. It contains charting information, insurance, patient information, scheduling, scanned documents, and in some cases X-rays if the office is licensed for imaging. Patterson Eaglesoft A...
Advisto PEEL SHOPPING SQL Injection Vulnerability
PEEL Shopping is an open source e-commerce system built on PHP/MySQL. Versions of PEEL Shopping prior to 9.4.0.1 have a SQL injection vulnerability, which can be exploited by attackers to inject malicious SQL queries and obtain sensitive database information...
Care2x Integrated Hospital Info System 2.7 SQL Injection
Exploit Title: Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection Date: 29.07.2021 Exploit Author: securityforeveryone.com Vendor Homepage: https://care2x.org Software Link: https://sourceforge.net/projects/care2002/ Version: = 2.7 Alpha Tested on: Linux/Windows Researchers :...
Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection
Exploit Title: Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection Date: 29.07.2021 Exploit Author: securityforeveryone.com Vendor Homepage: https://care2x.org Software Link: https://sourceforge.net/projects/care2002/ Version: = 2.7 Alpha Tested on: Linux/Windows Researchers :...
CVE-2021-36934
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An...
Sourcecodester SourceCodester Water Billing System SQL Injection Vulnerability
Sourcecodester SourceCodester Water Billing System is a water billing system from SourceCodester Sourcecodester, a U.S. company. SourceCodester Water Billing System has a security vulnerability. The vulnerability can be exploited by attackers to gain access to the database to obtain sensitive...
CASAP Automated Enrollment SQL Injection Vulnerability
CASAP Automated Enrollment is an automated enrollment system for the CASAP organization in the United States. The purpose of the project is to provide CASAP with an automated enrollment system to streamline the school process and make it more effective, efficient and easy to retrieve...
Vulnerability discovered in Microsoft Windows
Researchers have discovered a vulnerability in Microsoft Windows 10 build 1809 and later. A local, authenticated malicious person could exploit the vulnerability to read the local SAM database and execute arbitrary code with SYSTEM privileges. -= Microsoft =- Microsoft has not yet made updates...
CVE-2020-23284
Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application...
PT-2021-7654
Name of the Vulnerable Software and Affected Versions: SonicWall Secure Remote Access (SRA) appliances versions 8.x through 9.0.0.9-26sv. Description: The issue is related to improper neutralization of a SQL command, leading to a SQL injection vulnerability. This vulnerability impacts end-of-life Secu...
IBM Datacap Taskmaster Capture SQL Injection Vulnerability
IBM Datacap Taskmaster Capture is a complete solution for document and data capture from IBM USA. Data and document images can be scanned, categorized, identified, validated, verified and exported quickly, accurately and cost-effectively. IBM Datacap Taskmaster Capture suffers from a SQL injectio...
PHPGurukul Hospital Management System SQL Injection Vulnerability (CNVD-2021-45446)
PHPGurukul Hospital Management System is a web application for hospitals to manage doctors and patients. A SQL injection vulnerability exists in \hms\appointment-history.php in PHPGurukul Hospital Management System version 4.0. An attacker can exploit this vulnerability to obtain sensitive...
PHPGurukul Hospital Management System SQL Injection Vulnerability (CNVD-2021-45443)
PHPGurukul Hospital Management System is a web application for hospitals to manage doctors and patients. A SQL injection vulnerability exists in \hms\forgot-password.php in PHPGurukul Hospital Management System version 4.0. An attacker can exploit this vulnerability to obtain sensitive informatio...
CVE-2020-22171
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information...
AKCMS suffers from SQL injection vulnerability (CNVD-2021-47148)
AKCMS is a lightweight content management system based on PHP and MySQL. AKCMS suffers from an SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...