
3898 matches found

Hacker One
added 2020/11/24 10:49 p.m., 46 views

Automattic: [intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php

Summary: Hello, I have found a SQLI Injection Time Based on https://www.intensedebate.com/changeReplaceOpt.php. The parameter $GET'acctid' is vulnerable. Detection: I have injected a MySQL function sleep, and it works. GET /changeReplaceOpt.php?&opt=1&acctid=419523%20AND%20SLEEP15 HTTP/1.1 Host:...

7.4 AI score
Exploits: 0
CNVD
added 2020/11/24 12:0 a.m., 2 views

UFIDA NC suffers from SQL injection vulnerability (CNVD-2020-69451)

UFIDA NC is a large ERP enterprise management system and e-commerce platform. UFIDA NC suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain sensitive information from the database...

7.6 AI score
Exploits: 0
CNVD
added 2020/11/23 12:0 a.m., 3 views

VMware VMWare SD-WAN Orchestrator SQL Injection Vulnerability

VMware VMWare SD-WAN Orchestrator is a software for orchestrating network data flows in a software-defined network architecture. A SQL injection vulnerability exists in VMware VMWare SD-WAN Orchestrator, which can be exploited by a remote attacker to submit a special SQL request to manipulate a...

6.5 CVSS, 8.2 AI score, 0.0114 EPSS
Exploits: 0, References: 1
CNVD
added 2020/11/23 12:0 a.m., 3 views

SQL Injection Vulnerability in the Website Building System of Xiamen Intelligent Technology Co.

Ltd. is located in the beautiful scenery of the ancient city of Xi'an, Shaanxi Province, with a registered capital of 10 million yuan RMB, is a high-tech enterprise integrating development, manufacturing, sales and service. Ltd. building system there are SQL injection vulnerabilities, attackers c...

7.6 AI score
Exploits: 0
CNVD
added 2020/11/21 12:0 a.m., 1 views

Shijiazhuang Renaud Network Technology Co., Ltd. building system SQL injection vulnerability

Shijiazhuang Renaud Network Technology Co., Ltd. was founded in 2008 and has spent 12 years focusing on the application of Internet and information technology to help China's economic transformation and upgrading. The Shijiazhuang Renaud Network Technology Co., Ltd. building system has SQL injection...

7.7 AI score
Exploits: 0
CNVD
added 2020/11/20 12:0 a.m., 2 views

SQL Injection Vulnerability in FE Business Assistance Platform (CNVD-2020-69477)

Zhuhai Feiqi Software Co., Ltd. ("Feiqi Software"), formerly Zhuhai UFIDA Software Co., Ltd., was founded in 1998 and is a software vendor focusing on the research, development and service of industry collaboration and integration platforms. A SQL injection vulnerability exists in FE...

7.6 AI score
Exploits: 0
CNVD
added 2020/11/19 12:0 a.m., 3 views

Cisco IoT Field Network Director SQL Injection Vulnerability

Cisco IoT Field Network Director (IoT-FND) is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. Cisco IoT Field Network Director suffers from a SQL injection vulnerability that results from insufficient input validation of...

9 CVSS, 8.1 AI score, 0.01565 EPSS
Exploits: 0, References: 1
CNNVD
added 2020/11/19 12:0 a.m., 4 views

VMware VMWare SD-WAN Orchestrator SQL Injection Vulnerability

VMware VMWare SD-WAN Orchestrator is a software for orchestrating network data flows in a software-defined network architecture. A SQL injection vulnerability exists in VMware VMWare SD-WAN Orchestrator, which can be exploited by a remote attacker to submit a special SQL request to manipulate a...

6.5 CVSS, 7.2 AI score, 0.0114 EPSS
Exploits: 0, References: 3
Prion
added 2020/11/18 6:15 p.m., 11 views

Input validation

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...

9 CVSS, 8.7 AI score, 0.01565 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2020/11/18 5:40 p.m., 12 views

CVE-2020-26075 Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...

6.3 CVSS, 7.1 AI score, 0.01565 EPSS
Exploits: 0, References: 1
Cisco
added 2020/11/18 4:0 p.m., 51 views

Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...

6.3 CVSS, 7.5 AI score, 0.01565 EPSS
Exploits: 0, References: 1
CNNVD
added 2020/11/18 12:0 a.m., 5 views

Cisco IoT Field Network Director SQL Injection Vulnerability

Cisco IoT Field Network Director (IoT-FND) is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. Cisco IoT Field Network Director suffers from a SQL injection vulnerability that results from insufficient input validation of...

9 CVSS, 6.8 AI score, 0.01565 EPSS
Exploits: 0, References: 3
CNVD
added 2020/11/16 12:0 a.m., 2 views

SQL Injection Vulnerability in Website Building System of Nantong Dot Cool Network Technology Co.

Nantong Dot Cool Network Technology Co., Ltd. is a company that provides perfect industry website construction solutions for group enterprises and listed companies. There is a SQL injection vulnerability in the website building system of Nantong Dot Cool Network Technology Co., Ltd, which can be...

7.6 AI score
Exploits: 0
CNVD
added 2020/11/14 12:0 a.m., 2 views

SQL Injection Vulnerability in Waychar Enrollment System's Password Retrieval Function

Waychar Registration System is a free race registration system. A SQL injection vulnerability exists in the retrieve password function of the waychar registration system, which can be exploited by an attacker to obtain sensitive information from the database...

7.7 AI score
Exploits: 0
CNVD
added 2020/11/13 12:0 a.m., 2 views

SQL injection vulnerability in ad***_ed***.php file of Miku CMS movie and TV system background

Miku CMS Movie & TV System is a movie & TV management system designed for different needs of webmasters. A SQL injection vulnerability exists in the ad***_ed***.php file in the background of Miku CMS. Attackers can use the vulnerability to obtain sensitive information in the database...

7.7 AI score
Exploits: 0
CNVD
added 2020/11/13 12:0 a.m., 1 views

SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend us***.php Page

The Shield Spirit commodity promotion system can be applied to multiple types of public numbers: personal or business subscription numbers and service numbers can all be used, and it is easy to connect to all kinds of public numbers, through the relevant WeChat public number interfaces configured to come into effe...

8.1 AI score
Exploits: 0
CNVD
added 2020/11/13 12:0 a.m., 2 views

SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend ad***_in***.php Page

The Shield Spirit commodity promotion system can be applied to multiple types of public numbers: personal or business subscription numbers and service numbers can all be used, and it is easy to connect to all kinds of public numbers, through the relevant WeChat public number interfaces configured to come into effe...

8.1 AI score
Exploits: 0
OpenVAS
added 2020/11/11 12:0 a.m., 10 views

openGauss: Setting user for host Entries in the pg_hba.conf File

If user is set to all for host entries, any user is allowed to access the database. You are advised to set user for host entries to the user who needs to connect to the database. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and ar...

7.2 AI score
Exploits: 0, References: 1
RedHat Linux
added 2020/11/10 10:29 a.m., 99 views

Moderate: Red Hat Security Advisory: unixODBC security update

An update for unixODBC is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

9.8 CVSS, 7.1 AI score, 0.03196 EPSS
Exploits: 0, References: 3
OSV
added 2020/11/09 11:15 p.m., 4 views

CVE-2020-27019

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key...

5.5 CVSS, 5.8 AI score, 0.17884 EPSS
Exploits: 2, References: 2