CVE-2019-7666
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password...
Authentication flaw
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password...
PT-2019-17022 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation with Automation Anywhere version 11. Description: The issue concerns the use of a high-privileged PostgreSQL account for database access in IBM Robotic Process Automation with Automation Anywhere. This could allo...
Security Bulletin: IBM Robotic Process Automation uses a PostgreSQL admin account for accessing the application database (CVE-2019-4298)
Summary: IBM Robotic Process Automation uses a PostgreSQL admin account for accessing the application database. Vulnerability Details: CVEID: CVE-2019-4298. DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere uses a high privileged PostgreSQL account for database access which could...
SQL Injection Vulnerability in Zhongshan Zhike Network Brand Planning Website Building System
Zhongshan Zhike Network Brand Planning is a company that mainly deals with website construction, software development, VI design, domain names, servers and other projects. The Zhongshan Zhike Network Brand Planning website building system has a SQL injection vulnerability, which can be exploited by...
Dutch Auction Factory Component SQL Injection Vulnerability in Joomla!
Joomla! is an open source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S.-based Open Source Matters team. Dutch Auction Factory is one of its extensions, used to create auction sites. A SQL injection vulnerability exists in the Dutch Auction Factory...
The vulnerability of the Open Cloud Integrity Technology, a tool for creating cloud services, stems from deficiencies in access control within the certification database. This allows attackers to disclose protected information.
The vulnerability of the Open Cloud Integrity Technology, which is used to create cloud services, is related to deficiencies in access control within the certification database. Exploiting this vulnerability could allow attackers to disclose protected information...
USN-4019-2 sqlite3 vulnerabilities
USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary cod...
Collibra: Access to the database on onboarding.collibra.com
Summary: During the study, it was discovered that port 9306 was open on this server, which is open to the Sphinx service. I was able to connect to the internal database. Steps To Reproduce: 1. Discovery of open port 9306, on which service Sphinx is running screenshot 0 2. Connection to the databa...
CVE-2019-3947
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server...
Hefei Tuono Network Technology Co., Ltd. building system SQL injection vulnerability
Hefei Topfield Network Technology Co., Ltd. is a company mainly engaged in website construction, website promotion, website design, website optimization, website marketing and other businesses. The Hefei Topfield Network Technology Co., Ltd. website building system has a SQL injection...
SQL Injection Vulnerability in Edit Member Level on Tpshop Us***.php Page
Tpshop is a multi-merchant mall system developed by Shenzhen Soleil Networks Limited. A SQL injection vulnerability exists in the edit member level of the Tpshop Us.php page. Attackers can use the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in Personal Information Modification on Tpshop Us***.php Page
Tpshop is a multi-merchant mall system developed by Shenzhen Soleil Networks Limited. A SQL injection vulnerability exists in the personal information modification section of the Tpshop Us.php page. An attacker can exploit the vulnerability to obtain sensitive information from the...
SQL Injection Vulnerability in Tpshop v3.5 Ar***.php Page
Tpshop is a multi-merchant mall system developed by Shenzhen Soleil Networks Limited. A SQL injection vulnerability exists in the Tpshop v3.5 Ar.php page. Attackers can use the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in Website Building System of Fushun Jingwei Network Technology Development Co.
Fushun Jingwei Network Technology Development Co., Ltd. is a company mainly engaged in computer web page design and production, computer system maintenance, computer software development and sales, computer supplies and accessories sales, computer technology, economic information consulting and...
SQL Injection Vulnerability in Nanjing Minggu Technology Co.
Nanjing Minggu Technology Co., Ltd. is engaged in software development, network marketing and enterprise network informatization solutions. A SQL injection vulnerability exists in the website building system of Nanjing Minggu Technology Co. An attacker can use this vulnerability to obtain sensiti...
SQL injection vulnerability in the ne***.php page of Jinan Yuxia Information Technology Co.
Jinan Yuxia Information Technology Co., Ltd. focuses mainly on Internet products and related services, combining website construction and network promotion, IDC business, software development, server hosting, telecommunications value-added services and other integrated service...
Debian DSA-4446-1 : lemonldap-ng - security update
It was discovered that the Lemonldap::NG web SSO system performed insufficient validation of session tokens if the 'tokenUseGlobalStorage' option is enabled, which could grant users with access to the main session database access to an anonymous session.
candlepin: credentials exposure through log files
It was discovered that a world-readable log file, belonging to the Candlepin component of Red Hat Satellite 6.4, leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from...
CVE-2019-11619
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote user with background administrator privileges, or a user with permission to manage configuration analytics, could exploit the vulnerability to obtain database sensitive...