CVE-2018-1252 RSA Web Threat Detection SQL Injection Vulnerability
RSA Web Threat Detection versions prior to 6.4 contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain...
Cloud EC E-commerce System v1.2 suffers from SQL Injection Vulnerability
Cloud EC e-commerce system (hereinafter referred to as Cloud EC) is a PHP + MySQL-based open source e-commerce system developed independently by Cloud MYSQL e-commerce Co. A SQL injection vulnerability exists in Cloud EC e-commerce system v1.2. An attacker can exploit the vulnerability t...
SQL Injection Vulnerability in SMiCMS Government Website System v201803224 Version
State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. A SQL injection vulnerability exists in State Micro CMS government website system v201803224. Attackers can use the vulnerability to obtai...
SQL Injection Vulnerability in xycms Logistics and Transportation System v1.9
Jiangsu Xinyue Technology (hereinafter referred to as "Xinyue Technology"), a pioneer in the domestic website building industry, is a technology enterprise with independent intellectual property rights. xycms logistics and transportation company website building system v1.9 SQL injection...
CVE-2016-10551
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...
Hardcoded credentials
waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...
IssueTrak 7.0 - SQL Injection
IssueTrak 7.0 - SQL Injection ================ Exploit Title: SQL Injection Vulnerability in Issue Trak = 7.0 Possibly applicable up to version 9.7 Date: 05-28-2018 Vendor Homepage: http://issuetrak.com Version: Confirmed 7.0; = 7.0 extremely likely; up to 9.7 very likely Google Dork:...
CVE-2018-10355
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploi...
PbootCMS v1.0.9 suffers from SQL injection vulnerability
PbootCMS is a new core open source enterprise building system developed by Avantech. A SQL injection vulnerability exists in PbootCMS v1.0.9. Attackers can use the vulnerability to control parameters to achieve SQL injection to obtain important information about the database...
Dr.COM APG Anti-Proxy Gateway suffers from SQL Injection Vulnerability
Dr.COM APG (Anti-Proxy Gateway) is a network behavior analysis and management gateway device designed and developed by Guangzhou Hotspot specifically for broadband shared access management, which mainly provides wired and wireless broadband operators with a real-time control box...
SQL Injection Vulnerability in Zhengzhou Octave Internet Marketing System (CNVD-2018-10445)
Zhengzhou Octave Networks is a technology company that specializes in providing customers with mobile Internet development, high-end website construction, brand Internet marketing and related Internet-based application services. Zhengzhou Octave Network Marketing system has a SQL injection...
Multiple SQL Injection Vulnerabilities in Nagios XI
Nagios is an open source, free network monitoring tool that effectively monitors the status of hosts, switches, routers and other network devices, printers, etc. for Windows, Linux and Unix. Nagios XI has multiple SQL injection vulnerabilities. An attacker can exploit the vulnerabilities to obtain...
CVE-2018-1313
CVE-2018-1313 affects Apache Derby 10.3.1.4 through 10.14.1.0. A specially crafted Derby Network Server network packet can cause the server to boot a database whose location/contents are under the attacker’s control if Java Security Manager is not enabled; with a permissive default Network Server...
U.S. Dept Of Defense: Code reversion allowing SQLI again in ███████
Summary: I just noticed that my publicly disclosed report, https://hackerone.com/reports/311922, is still vulnerable; either a code reversion was made or something was done to revert the patch. Additionally, I'd please request that the images in the report be censored or redacted as it's been ma...
SQL Injection Vulnerability in MetInfo v6.0
MetInfo is a content management system (CMS) developed using PHP and MySQL. A SQL injection vulnerability exists in MetInfo v6.0. An attacker can exploit the vulnerability to read data from a website database...
HamayeshNegar CMS 'downloadpaper.php' SQL Injection Vulnerability
HamayeshNegar CMS is a content management system. A SQL injection vulnerability exists in the HamayeshNegar CMS 'downloadpaper.php' page, which can be exploited by attackers to access or modify database data...
Knight Network Builders has a SQL Injection Vulnerability
Ltd. is a website design company with website construction and visual design development and brand online marketing promotion. Knight Network website builder has a SQL injection vulnerability. An attacker can use this vulnerability to obtain sensitive information in the database and can upload...
CVE-2017-9656
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevate...