3898 matches found
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection
Exploit Title: YouPHPTube 7.3 SQL Injection Google Dork: / Date: 19.08.2019 Exploit Author: Fabian Mosch, r-tec IT Security GmbH Vendor Homepage: https://www.youphptube.com/ Software Link: https://github.com/YouPHPTube/YouPHPTube Version: 7.3 Tested on: Linux/Windows CVE : CVE-2019-14430 The...
Taizhou Zhisou Network Technology Co., Ltd. website building system has SQL injection vulnerabilities
Taizhou Zhisou Network Technology Co., Ltd. is engaged in website construction, website production, website revision, website optimization of the network company. There is a SQL injection vulnerability in Taizhou Zhisou Network Technology Co. Attackers can use the vulnerability to obtain sensitiv...
CVE-2019-0348
SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...
Code injection
SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...
CVE-2019-0348
SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...
Joomla! component com_jssupportticket SQL Injection Vulnerability
Joomla! is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla! component comjssupportticket. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in ThinkLC re***.php Page
ThinkLC is a local classification information system built on PHP+MYSQL development. A SQL injection vulnerability exists in the ThinkLC re.php page, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Ma***.aspx Page of Eqin WEB Attendance Management Software
Easy Attendance WEB attendance management software is a network version of the B / S architecture WEB attendance management software. The Ma.aspx page of EaseUS WEB Attendance Management Software has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive informatio...
Zhengzhou Wolf Smoke Network Technology website construction system has SQL injection vulnerabilities
Zhengzhou Wolf Smoke Network Technology Limited a professional website design, production, operation service provider. Zhengzhou Wolf Smoke Network Technology website construction system has SQL injection vulnerability, attackers can use the vulnerability to obtain database information...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential SQL Injection vulnerability (CVE-2019-4032)
Summary IBM Financial Transaction Manager for Corporate Payment Services FTM CPS for Multi-Platform has addressed the following vulnerability. A potential Blind SQL injection on a web service. Vulnerability Details CVEID: CVE-2019-4032 DESCRIPTION: IBM Financial Transaction Manager for Digital...
Improper check for access to application database (NC-SA-2018-015)
A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement...
Bypass Vulnerability in Website Security Dog's SQL Injection Blocking Feature
Security Dog is a comprehensive server security protection tool that integrates server security protection and security management. A bypass vulnerability exists in the SQL injection blocking feature of Website Security Dog. An attacker can bypass the SQL injection blocking feature of Website...
SQL Injection Vulnerability in Sichuan Yunbait Technology Co.
Sichuan Yunbait Technology Co., Ltd. is an Internet company dedicated to the field of network infrastructure services. There is a SQL injection vulnerability in the website building system of Sichuan Yunbat Technology Co. Attackers can use the vulnerability to obtain sensitive information in the...
Sql injection
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...
CVE-2019-1010248
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...
CVE-2019-1010104
TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: likeescape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax request...
CVE-2019-1010104
TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: likeescape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax request...
SQL Injection Vulnerability in DBShop System
DBShop is an e-commerce system. A SQL injection vulnerability exists in the DBShop system, which can be exploited by attackers to obtain sensitive information from the database...
Deepwoods Software WebLibrarian SQL Injection Vulnerability
Deepwoods Software WebLibrarian is a book management system plugin for use in WordPress from Deepwoods Software, USA. A SQL injection vulnerability exists in the 'AllBarCodes' function in Deepwoods Software WebLibrarian 3.5.2 and earlier versions. The vulnerability stems from a lack of validation...
CVE-2019-7666
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password...