3895 matches found
CVE-2018-5340
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account, specifically an account with permission to write to the filesystem via SQL queries...
SQL injection
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account, specifically an account with permission to write to the filesystem via SQL queries...
CVE-2018-5340
CVE-2018-5340 affects Zoho ManageEngine Desktop Central versions 10.0.124 and 10.0.184. The issue is that a superuser account (with permission to write to the filesystem via SQL queries) can access the database and potentially perform write operations to the filesystem. The CNVD entry explicitly ...
SQL Injection Vulnerability in Website Construction System of Ningxia Hongfeng Network Technology Co.
Ningxia Hongfeng Network Technology Co., Ltd. is an Internet services company in the Yinchuan area of Ningxia that provides enterprise website construction, personal website production, 400 telephone services, website revision, website promotion, SEO keyword optimization, e-commerce...
SQL Injection Vulnerability in CMS of Wuhan Tengfei Liren E-commerce Co.
A SQL injection vulnerability exists in the CMS of Wuhan Tengfei Liren E-commerce Co. An attacker can exploit this vulnerability to obtain sensitive information in the database...
Anhui Zhishengyuan Information Technology Co., Ltd. website construction system has SQL injection vulnerabilities
Anhui Zhishengyuan Information Technology Co., Ltd. is an e-commerce operator with Internet technology as its core. There is a SQL injection vulnerability in the website construction system of Anhui Zhishengyuan Information Technology Co. An attacker can exploit the vulnerability to obtain...
SQL Injection Vulnerability in Website Construction System of Guangzhou Sanjin Network Technology Co.
Guangzhou Sanjin Network Technology Co., Ltd. is a one-stop provider of Internet application services, providing e-commerce solutions for Chinese enterprises. There is a SQL injection vulnerability in the website construction system of Guangzhou Sanjin Network Technology Co. Attackers can use the...
CVE-2018-9852
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated by sid=user,password%20from%20mysql.user%23...
SQL Injection Vulnerability in Website Construction System of Guangzhou Shuntian Computer Technology Co.
Shun Tian Technology is a network technology service provider with internationally leading website development technology, e-commerce technology, all-round website promotion technology and an attentive after-sales customer service team. Guangzhou Shuntian Computer Technology Co., Ltd. website...
CVE-2018-9331
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock...
Directory traversal
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock...
Hardcoded credentials
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...
CVE-2014-3413
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...
Information Disclosure
Apache Drill is vulnerable to information disclosure. The application logs passwords in plain text when connecting to a database, allowing a malicious user with access to the logs to obtain sensitive information...
Square 9 GlobalForms SQL Injection Vulnerability
Square 9 GlobalForms is a web form management software from Square 9 Softworks. The software collects Web form data and automatically populates it with keywords. A SQL injection vulnerability exists in the 'match' parameter in Square 9 GlobalForms version 6.2.x. A remote attacker could use this...
Code injection
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselectmain.php because code within the database is accessible to uploads/dede/syscacheup.php...