CVE-2018-0468

A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite CEMS could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default...

SQL Injection Vulnerability in emlog v6.0.0 Backend wi***.php Page

Short for every memory log, emlog is a PHP and MySQL based blog and CMS builder. A SQL injection vulnerability exists in the emlog v6.0.0 backend wi.php page. An attacker can exploit the vulnerability to obtain sensitive database information...

SQL Injection Vulnerability in D-link Central WifiManager Co***.php Page

D-LINK Central WifiManager CWM-100 is D-LINK centralized wireless management software. A SQL injection vulnerability exists in the D-LINK Central WifiManager Co.php page, which can be exploited by an attacker to gain access to database information and also modify or delete arbitrary database data...

SQL Injection Vulnerability in ShopSn v2.3.6 Official Version

ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co., Ltd. a full-featured enterprise-class commercial standards in line with the real allow free commercial use of open source online store full network system. ShopsN v2.3.6 official version of the existen...

SQL Injection Vulnerability in Yingtai's Website Builder System

Guilin Yingtai Business Co., Ltd. is an internet marketing service organization. There is a SQL injection vulnerability in the Yingtai Business website builder system, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in Guotai Newpoint Public Resources Trading Platform

Jiangsu Guotai New Point Software Co., Ltd. is an informatization total solution provider, focusing on the fields of smart government, smart transaction, smart city park, construction industry and so on. A SQL injection vulnerability exists in Guotai Newpoint's public resources trading platform,...

Multiple RICOH Interactive Whiteboard Products SQL Injection Vulnerabilities

RICOH Interactive Whiteboard D2200 and others are multifunction printer devices from Ricoh, Japan. A SQL injection vulnerability exists in multiple RICOH Interactive Whiteboard products, which can be exploited by remote attackers to obtain or modify information in a database...

SQL injection vulnerability in in***.php page of website building system of Chengdu Shumei Network Technology Co.

Chengdu Shumei Network Technology Co., Ltd. is an Internet company that focuses on strategy, creativity, design, technology, marketing and service. There is a SQL injection vulnerability in the in.php page of Chengdu Shumei Network Technology Co. Attackers can use the vulnerability to obtain...

SaltOS SQL Injection Vulnerability (CNVD-2019-00827)

SaltOS is a suite of enterprise management solutions from the SaltOS program. The product integrates features such as CRM Customer Relationship Management and ERP Enterprise Resource Planning. A SQL injection vulnerability exists in SaltOS version 3.1 r8126, which can be exploited by remote...

SQL Injection Vulnerability in Nanjing Yunhuatong Network Technology Website Building System

Nanjing Yunhuatong Network Technology Station Building System is an enterprise station building system developed by Nanjing Yunhuatong Network Technology Co. There is a SQL injection vulnerability in Nanjing Yunhuatong Network Technology website building system, which can be exploited by attacker...

PHP Cloud Talent System 4.6 (phpyun) SQL Injection Vulnerability

PHP cloud talent system phpyun is an open source talent and enterprise job search recruitment, hiring solutions built using PHP and MySQL database. A SQL injection vulnerability exists in the backend of phpyun v4.6. Attackers can use the vulnerability to obtain sensitive information in the databa...

SQL injection vulnerability in OURPHP backend ou***.php file

OURPHP is Harbin Weicheng Technology Co., Ltd. developed a PHP + MySQL based on the development of W3C standards-compliant building system. OURPHP background ou.php file SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information...

PHPTPoint Hospital Management System 1 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: phptpoint hospital management system Multiple SQL injection Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link:...

PHPTPoint Hospital Management System 1 SQL Injection

Exploit Title: phptpoint hospital management system Multiple SQL injection Date: 10/24/2018 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link: https://www.phptpoint.com/hospital-management-system/ Version: 1 Tested on: WAMP...

CVE-2018-11079

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain...

CVE-2018-11079

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain...

S-CMS News Portal System SQL Injection Vulnerability in Frontend

S-CMS news portal system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise to provide solutions to build a station. A SQL injection vulnerability exists in the frontend of S-CMS News Portal System. Attackers can use the vulnerability to obtain sensitive information i...

Design/Logic Flaw

An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

CVE-2018-17797

An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

CVE-2018-17797

An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...