Multiple Vulnerabilities in Rookie Enterprise Website System
The PHP version of Rookie Enterprise Website System is a PHP enterprise website system. Rookie Enterprise Website System has multiple vulnerabilities that allow attackers to execute commands to obtain sensitive database information and server privileges...
SQL injection
SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary files in the database...
CVE-2020-3937 SysJust Syuan-Gu-Da-Shih-SQL injection
SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary files in the database...
Plone DTML SQL Injection
Plone is a free and open source content management system. Plone DTML suffers from SQL injection: remote attackers can submit a special SQL request to manipulate the database and thereby obtain sensitive information or execute arbitrary code...
Password Hashing: Do not use MD5
Impact: User passwords are stored in the database using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problemati...
CVE-2020-5229
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...
Default credentials
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...
CVE-2020-5229 Opencast stores passwords using outdated MD5 hash algorithm
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...
SQL Injection Vulnerability in Intelligent Meter Management System of Qingdao Automation Instrument Co.
The intelligent meter cluster management system is an industrial control management system that controls statistics and manages some of the data in the energy industry. There is a SQL injection vulnerability in the Intelligent Instrumentation System of Qingdao Automation Instrumentation Co., Ltd, whi...
CloudLock server-side Windows version (public cloud version) suffers from a SQL injection bypass vulnerability
Cloud lock is a SaaS solution for essential server security protection and operation and maintenance management. The product uses a C/S architecture and supports cross-platform, real-time, batch and remote security management of Windows/Linux servers from a PC. The public cloud version of...
About the Access Misconfiguration for the Customer Support Database
This article: Microsoft Security Response Center blog “Access Misconfiguration for Customer Support Database”, January 22, 2020 (US time)...
CVE-2019-19801
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases...
CVE-2020-2640
Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager component: Target Management. Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...
Oracle Enterprise Manager for Oracle Database cpujan2020 Multiple Remote Security Vulnerabilities
Description: Oracle Enterprise Manager for Oracle Database is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over HTTP protocol. The 'Change Manager - web based', 'Discovery Framework', 'Enterprise Config Management', and 'Target Management' components ar...
SQL Injection Vulnerability in 51 Micro Voting System
51 Micro Voting System is a platform system that provides customers with online voting services through the Internet. There is a SQL injection vulnerability in 51MicroVoting System, which can be exploited by attackers to obtain sensitive information in the database...
SQL Injection Vulnerability in School Worry-Free Teacher Evaluation System
The Schoolfree Teacher Evaluation System is a school teaching management system. A SQL injection vulnerability exists in SchoolWorryFree Teacher Evaluation System, which can be exploited by attackers to obtain sensitive information from the database...
Wenzhou Yougu Technology Co., Ltd. website building system SQL injection vulnerability
Wenzhou Yougu Technology Co., Ltd. is committed to website construction and development and multimedia production; the company has set up a mobile division focusing on WeChat mobile system development. The website building system of Wenzhou Yougu Science and Technology Co., Ltd. has SQL injection...
SQL Injection Vulnerability in UsualToolCMS of Chengdu Comfidonte Network Technology Co.
UsualToolCMS (UTCMS) is a content management system as well as a rapid site building framework. UsualToolCMS by Chengdu Comfidonte Network Technology Co., Ltd. suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...
CVE-2019-10205
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry...
SQL Injection Vulnerability in opensns system
OpenSNS is an open-source social networking system from Jiaxing Wantsky Information Technology Company in China. The opensns system suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...