Lucene search
K

3905 matches found

Cvelist
Cvelist
added 2018/04/08 2:0 a.m.19 views

CVE-2018-9852

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23...

9.3AI score0.01391EPSS
Exploits1References1
CNVD
CNVD
added 2018/04/08 12:0 a.m.1 views

SQL Injection Vulnerability in Website Construction System of Guangzhou Shuntian Computer Technology Co.

Shun Tian Technology is a network technology service provider, with international leading website development technology, e-commerce technology, website all-round promotion technology and intimate after-sales customer service team. Guangzhou Shuntian Computer Technology Co., Ltd. website...

7.9AI score
Exploits0
Prion
Prion
added 2018/04/07 2:29 a.m.15 views

Directory traversal

An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock...

6.4CVSS7.6AI score0.02621EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/04/07 2:29 a.m.3 views

CVE-2018-9331

An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.9AI score0.02621EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/04/07 2:0 a.m.21 views

CVE-2018-9331

An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock...

7.6AI score0.02621EPSS
Exploits1References1
Prion
Prion
added 2018/04/05 5:29 p.m.23 views

Hardcoded credentials

The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...

10CVSS6.7AI score0.02208EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/04/05 5:0 p.m.28 views

CVE-2014-3413

The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...

9.2AI score0.02208EPSS
Exploits0References2
Veracode
Veracode
added 2018/04/05 3:21 a.m.10 views

Information Disclosure

Apache Drill is vulnerable to information disclosure. The application logs passwords in plain text when connecting a database, allowing a malicious user with access to the logs access to sensitive information...

6.1AI score
Exploits0
CNVD
CNVD
added 2018/04/03 12:0 a.m.1 views

Square 9 GlobalForms SQL Injection Vulnerability

Square 9 GlobalForms is a web form management software from Square 9 Softworks. The software collects Web form data and automatically populates it with keywords. A SQL injection vulnerability exists in the 'match' parameter in Square 9 GlobalForms version 6.2.x. A remote attacker could use this...

7.5CVSS8.4AI score0.01788EPSS
Exploits3References1
Prion
Prion
added 2018/04/02 3:29 a.m.16 views

Code injection

DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselectmain.php because code within the database is accessible to uploads/dede/syscacheup.php...

7.5CVSS9.7AI score0.02275EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/04/02 12:0 a.m.2 views

SQL Injection Vulnerability in Multiple Pages of Website Building System of Beijing Tiandi Huada Network Technology Co.

Ltd. is a network company that researches, promotes and develops new technologies and devotes itself to enterprise informatization services. It is a Beijing network company that provides comprehensive e-commerce consulting and solutions based on the Internet, and owns a number of products and...

7.7AI score
Exploits0
CNVD
CNVD
added 2018/03/30 12:0 a.m.1 views

SQL Injection Vulnerability in CMS, a Personal Card Issuing Platform Program

Personal card issuance platform program source code is a PHP + MySQL development of card issuance platform source code. A SQL injection vulnerability exists in the Personal Card Issuing Platform program CMS. The vulnerability stems from the program's failure to perform effective filtering. An...

8.1AI score
Exploits0
Prion
Prion
added 2018/03/24 6:29 p.m.13 views

Directory traversal

An issue was discovered in zzcms 8.2. user/licencesave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

6.4CVSS7.6AI score0.02621EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/03/24 6:29 p.m.22 views

CVE-2018-8969

An issue was discovered in zzcms 8.2. user/licencesave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS7.6AI score0.02621EPSS
Exploits1References1
NVD
NVD
added 2018/03/24 6:29 p.m.15 views

CVE-2018-8968

An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS7.6AI score0.02621EPSS
Exploits1References1
Prion
Prion
added 2018/03/24 6:29 p.m.19 views

Directory traversal

An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

6.4CVSS7.6AI score0.02621EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/03/24 6:29 p.m.1 views

CVE-2018-8968

An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.8AI score0.02621EPSS
Exploits1References2
OSV
OSV
added 2018/03/24 6:29 p.m.4 views

CVE-2018-8965

An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.9AI score0.02621EPSS
Exploits1References1
OSV
OSV
added 2018/03/24 6:29 p.m.2 views

CVE-2018-8968

An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.9AI score0.02621EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/03/24 6:29 p.m.1 views

CVE-2018-8965

An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.8AI score0.02621EPSS
Exploits1References2
Rows per page
Query Builder