3898 matches found
CVE-2018-17798
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
Directory traversal
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
Symfony Configuration Cheat Sheet
The Symfony framework provides web developers with a great foundation for their PHP applications. Several components can be used for many recurring tasks that are required in every application, such as handling input forms or accessing a database. In addition to functional tasks, security-relevan...
Provisioning Services 7.X: Target Devices Fail To Boot With Error "No servers available for disk"
When we start the Target Device, we notice the following error on the device during the boot process: "No servers available for disk". We also notice Database Access errors for certain functions in the Event Viewer of the PVS Server...
SQL injection vulnerability in ZZCMS 8.3 sp***.php file
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the sp.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...
Hangzhou Hansun technology hansunCMS information leakage vulnerability
HansunCMS is a portal content management system developed by Hangzhou Hansun Technology Co. An information leakage vulnerability exists in Hangzhou Hansun Technology HansunCMS; the vulnerability is due to the program in the background to leave the publicity of the external links caused b...
[SECURITY] Fedora 28 Update: unixODBC-2.3.7-1.fc28
Install unixODBC if you want to access databases through ODBC. You will also need the mariadb-connector-odbc package if you want to access a MySQL or MariaDB database, and/or the postgresql-odbc package for PostgreSQL...
S-CMS School Building System SQL Injection Vulnerability at Forum Page (CNVD-2018-19275)
The S-CMS school station building system is a specialized enterprise station building solution developed by Zibo Shining Network Technology Co., Ltd. A SQL injection vulnerability exists in the forum page of the S-CMS School Building System. An attacker can exploit the vulnerability to...
Online Quiz Maker 1.0 - 'catid' SQL Injection
Exploit Title: Online Quiz Maker 1.0 - 'catid' SQL Injection Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.hscripts.com/scripts/php/quiz-maker.php Software Link: https://www.hscripts.com/scripts/php/downloads/quiz-maker.zip Version: 1.0 Category:...
CVE-2018-16344
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock...
Directory traversal
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock...
Zomato: [www.zomato.com] SQLi - /php/██████████ - item_id
Thanks @gerbenjavado for helping us keep @zomato secure: Thanks to the entire @Zomato team for doing this challenge. It's a pleasure to be back in the bug bounty game after a while. Introduction So I managed to find SQLi on https://www.zomato.com/php/██████████ in the POST parameter itemid...
IBM Maximo Asset Management SQL Injection Vulnerability (CNVD-2018-17089)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. An SQL injectio...
Niubicms v1.8 SQL Injection Vulnerability in Frontend
Niubicms is a PHP open source system, independently researched and developed by Nanjing Niukun Network Technology Co., Ltd., that provides novel website source code and news website source code. A SQL injection vulnerability exists in the foreground of Niubicms v1.8. Attackers can use the vulnerability to...
SQL injection
The WorkPoint component, which is embedded in all RSA Archer versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read...
SQL Injection Vulnerability in Topsystem's Website Building System
Wenzhou Top Information Technology Limited Company focuses on providing enterprises with a one-stop service for website marketing planning, construction, promotion and maintenance. A SQL injection vulnerability exists in the Topland technology station building system; attackers can use the vulnerability to obtain...
ShopsN open source online store full web system suffers from SQL injection vulnerability (CNVD-2018-17331)
The free version of ShopsN B2C e-commerce is a product of Shanghai Yisu Network Technology Co., Ltd.: a full-featured, enterprise-class open source online store full network system that meets commercial standards and genuinely allows free commercial use. ShopsN v2.3.3 official version of the existen...