CVE-2019-11378
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finishedfiles=../ directory traversal. It is possible for users to read arbitrary files and potentially access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code...
CVE-2019-11378
ProjectSend (revision r1053) is affected by CVE-2019-11378 through the upload-process-form.php endpoint, where finished_files[]=../ enables directory traversal. This allows attackers to read arbitrary files and potentially access the supporting database, delete files, leak user passwords, or exec...
Over 100 Million JustDial Users' Personal Data Found Exposed On the Internet
An unprotected database belonging to JustDial, India's largest local search service, is leaking in real time the personally identifiable information of every customer who accessed the service via its website, mobile app, or even by calling its fancy "88888 88888" customer care number, The...
SQL injection vulnerability in the background cm***_sl***_ed**.php page of VANOC enterprise website management system.
Vanno enterprise website management system is ASP enterprise website source code developed with ASP + Access. The background cmsled.php page of Vanno enterprise website management system has a SQL injection vulnerability, which attackers can use to obtain sensitive database information...
SQL Injection Vulnerability in PCCW Information System
PCCW Information System is a website building system developed by PCCW Information Limited. A SQL injection vulnerability exists in PCCW's website builder system, which can be exploited by attackers to obtain sensitive information from the database...
xycmslyb v1.9 SQL Injection Vulnerability in Background
xycmslyb is a business building software. xycmslyb v1.9 suffers from a SQL injection vulnerability in the backend, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Joomla! ph*** Component
Joomla! is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla! ph component, which can be exploited by an attacker to obtain sensitive information from the database...
SQL Injection Vulnerability in Zhirui School Course Selection System
Zhirui school course selection system is an online course selection and results query system for students of secondary schools, colleges and universities, positioned as part of an integrated campus information system. Zhirui School Selection System suffers from SQL...
CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...
Design/Logic Flaw
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...
SQL Injection Vulnerability in Lanzhou Tianjie Network Technology Co.
Lanzhou Tianjie Network Technology Co., Ltd. is the only professional network design company in Northwest China that integrates website design, website construction, optimization and promotion, domain name registration, web hosting rental, website filing, advertisement planning, SMS, software...
Lobby Track Desktop Information Disclosure Vulnerability
Jolly Technologies Lobby Track Desktop is a desktop visitor management application from Jolly Technologies USA. The program has features such as pre-registering visitors, capturing photos and scanning driver's licenses. An information disclosure vulnerability exists in Jolly Technologies Lobby...
SQL Injection Vulnerability in Joomla! Ye*** Vi*** Sh*** Component
Joomla! is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla! Ye Vi Sh component, which can be exploited by an attacker to obtain sensitive information from a database...
Joomla! St*** component my*** function suffers from SQL injection vulnerability
Joomla! is an open source content management system (CMS). A SQL injection vulnerability exists in the my function of the Joomla! St component, which can be exploited by an attacker to obtain sensitive information from the database...
SQL Injection Vulnerability in Joomla! St*** Component ch*** Functions
Joomla! is an open source content management system (CMS). A SQL injection vulnerability exists in the ch function of the Joomla! St component, which can be exploited by an attacker to obtain sensitive information from the database...
SQL injection vulnerability in Hefei Xinchen website building system
Hefei Xinchen Network Technology Co., Ltd. provides Internet services for a wide range of enterprises. The website building system of Hefei Xinchen Network Technology Co., Ltd. has a SQL injection vulnerability, which attackers can use to obtain sensitive information in the database...
PT-2019-16850 · Ibm · Ibm Financial Transaction Manager For Digital Payments For Multi-Platform
Name of the Vulnerable Software and Affected Versions: IBM Financial Transaction Manager for Digital Payments for Multi-Platform version 3.1.0 Description: The issue allows a remote attacker to send specially-crafted SQL statements, which could enable the attacker to view, add, modify, or delete...
OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: http://zsoft.com.bd/ Software Link :...
XAMPP SQL Injection Vulnerability
XAMPP (Apache + MySQL + PHP + PERL) is a website-building software integration package. XAMPP suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...