EML Enterprise Address Book Management System v5.4.4 has SQL Injection Vulnerability
The EML enterprise customer relationship management system is an intelligent B/S interactive service system built on PHP + MySQL, running on Linux and Apache. EML Enterprise Contacts Management System v5.4.4 suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to...
SQL injection vulnerability in ne***.php page of website building system of Beijing Yitianxing Technology Co., Ltd.
Beijing Yitianxing Technology Co., Ltd. is an Internet service provider specializing in providing customized website construction solutions for enterprises. A SQL injection vulnerability exists in the ne***.php page of the website building system of Beijing Yitianxing Technology Co., Ltd. An attacker can use the vulnerability to obtain...
Cisco Policy Suite Policy Builder Authentication Bypass Vulnerability
Cisco Policy Suite is a carrier-grade policy, charging, and subscriber data management solution. An authentication bypass vulnerability exists in the Policy Builder database of Cisco Policy Suite. The vulnerability stems from a lack of authentication. An attacker can exploit the vulnerability by...
CVE-2018-0374
Cisco Policy Suite prior to version 18.2.0 is vulnerable to an unauthenticated remote attack via the Policy Builder database. The root cause is a lack of authentication, enabling an attacker to connect directly to the Policy Builder database and access or modify data. Affected component: Policy Builde...
OURPHP website builder system has SQL injection vulnerability
OURPHP is a W3C-standard website building system developed on PHP+MySQL. OURPHPCMS versions V1.8.2 and V1.8.3 have a SQL injection vulnerability; attackers can use the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in SEMCMS_i***.php page of SemCms website builder system version 2.7
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox, Google, 360 and other mainstream browsers. The SemCms PHP version is written in PHP and, combined with Apache, runs on Windows or Linux systems...
SQL Injection Vulnerability in Easylink's Website Building System
Xi'an Yiheyi Technology Co., Ltd. is a high-tech enterprise integrating website construction, brand design, network promotion, software development, system integration and other businesses. Easy Unity Technology website building system has a SQL injection vulnerability, which can be exploited by...
SQL Injection Vulnerability in Hubei Guosheng Technology Co., Ltd.
Hubei Guosheng Technology Co., Ltd. is a full-network value marketing service provider that offers customers comprehensive digital innovation services to help traditional enterprises carry out their "Internet +" transformation and upgrading. The company's website building system has a SQL injection vulnerability, attackers ca...
SemCMS php version of foreign trade website SEMCMS_Ba****.php page has SQL injection vulnerability
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox, Google, 360 and other mainstream browsers. The SemCms PHP version is written in PHP and, combined with Apache, runs on Windows or Linux systems...
SemCMS php version of foreign trade website SEMCMS_In*****.php page has SQL injection vulnerability
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox, Google, 360 and other mainstream browsers. The SemCms PHP version is written in PHP and, combined with Apache, runs on Windows or Linux systems...
OCS Inventory NG SQL Injection Vulnerability (CNVD-2018-13357)
OCS Inventory NG (Open Computer and Software Inventory Next Generation) is asset management software developed by the OCS Inventory team. The software helps administrators master computer software installation and configuration, as well as low network traffic communication between HTTP proxies and...
Unspecified Vulnerability in ECOS System Management Appliance
ECOS System Management Appliance (SMA) is a virtual appliance from ECOS TECHNOLOGY, Germany, for centralized management of ECOS products, which is capable of running on VMware, Citrix XenServer, and Hyper-V. A security vulnerability exists in ECOS SMA version 5.2.68 that stems from a failure...
Design/Logic Flaw
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcmsmain table and then making an img add request. This can be leveraged for database access by deleting install.lock...
CVE-2018-13056
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcmsmain table and then making an img add request. This can be leveraged for database access by deleting install.lock...
Authentication flaw
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...
CVE-2018-8901
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...
CVE-2018-8902
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include...
CVE-2018-8901
Ivanti Avalanche vulnerability CVE-2018-8901 affects versions 5.3–6.2. A local user with database access can read encrypted passwords for LDAP-authenticated users, with passwords stored in Avalanche databases. Impact is information disclosure for LDAP-enabled configurations. The root cause is desc...
CVE-2018-1000558
OCS Inventory NG ocsreports versions 2.4 and 2.3.1 contain a SQL injection vulnerability in web search that can allow an authenticated attacker to gain full access to data stored within the database. This attack appears to be exploitable by sending crafted...