3894 matches found
CVE-2016-8930
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...
Itech Auction Script 6.49 - mcid SQL Injection
Exploit Title: Itech Auction Script v6.49 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/auction-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website:...
Moodle MSA-17-0001 Remote File Inclusion Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. Moodle suffers from a remote file inclusion vulnerability. An attacker can exploit thi...
Multiple TIBCO Product SQL Injection Vulnerabilities
TIBCO Spotfire Server and others are products of TIBCO Software, Inc. Multiple TIBCO products are vulnerable to a SQL injection vulnerability that originates from a program's failure to properly validate user-supplied input before using it in a SQL query. The vulnerability allows an attacker to...
Code injection
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it...
CVE-2016-7792
CVE-2016-7792 affects Ubiquiti Networks UniFi 5.2.7. The issue is improper access control allowing remote attackers to connect directly to the device’s database and modify it. The vulnerability is scoped to the UniFi AP AC Lite/5.2.7 context in the provided documents; no vendor patch or mitigatio...
LocalTapiola: Multiple Vulnerabilities in Oracle Webcenter Sites (/cs/Satellite)
Issue: The reporter found issues related to previous reports: 167453, 170532, 173563 and 176574. It was found to be possible to circumvent some of the protections that have been put in place earlier on to prevent access to protected resources within the Oracle Webcenter Sites application. The...
PVS console showing target devices as down, even though it is possible to boot and stream to devices
PVS console showing target devices as down, even though it is possible to boot and stream to devices. Event logged ID:11 Source: StreamProcess. DbAccess error: in ServerStatusSetContactInfo called from SSProtocolModule.cpp:2630. SQL DB server is up and accessible...
The vulnerability of the control device in the electrical energy sector, SICAM PAS, allows an intruder to access the database.
The vulnerability of the telecontrol device in the electrical energy sector of SICAM PAS is related to the use of strict password encoding. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain privileged access to the database using the TCP port 2638...
The vulnerability of the control device in the electrical energy sector, SICAM PAS, allows an intruder to access the database.
The vulnerability of the telecontrol device in the electric energy sector, SICAM PAS, is related to the storage of passwords in a recoverable format. Exploiting this vulnerability allows a malicious actor, who operates locally and has completed the authentication process, to restore user password...
My Php Dating 'path' Parameter SQL Injection Vulnerability
My Php Dating 2.0 is an online dating site system. A SQL injection vulnerability exists in the My Php Dating 'path' parameter, which can be exploited by attackers to access or modify database data...
CVE-2018-14670
Incorrect configuration in deb package could lead to the unauthorized use of the database. the UK's National Cyber Security Centre NCSC...
Intuit QuickBooks Desktop 2017 Credential Disclosure Vulnerability
Intuit QuickBooks Desktop 2017 suffers from an administrative credential disclosure vulnerability. Credits: Maxim Tomashevich. Website: https://www.thegrideon.com/quickbooks-forensics.html Details: https://www.thegrideon.com/qb-internals-2017.html Vendor: www.intuit.com...
SQL Injection Vulnerability in Haixie Zhikang Base Platform
Haixie Zhikang Basic Platform is a management system for food and beverage and pharmaceuticals. A SQL injection vulnerability exists in the Haixie Zhikang Basic Platform login, which can be exploited by attackers to obtain sensitive information from the website database...
WordPress Plugin Simply Poll 1.4.1 - SQL Injection
Exploit Title: Simply Poll 1.4.1 Plugin for WordPress SQL Injection Date: 21/12/2016 Exploit Author: TAD GROUP Vendor Homepage: https://wordpress.org/plugins/simply-poll/ Software Link: https://wordpress.org/plugins/simply-poll/ Contact:...
CVE-2016-9217
A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. More Information: CSCus99394. Known Affected Releases: 7.30ZN0.99...
EasyNetSites 'nameDetail.php' Page SQL Injection Vulnerability
EasyNetSites is a web-based tool for managing organizational relationships on websites. A SQL injection vulnerability exists in the sn parameter of the nameDetail.php page of EasyNetSites, which originates from the program's failure to adequately filter user-submitted input, and can be exploited ...
Joomla com_blog_calendar Module SQL Injection Vulnerability
Joomla! is an open-source, cross-platform content management system (CMS) developed by the U.S.-based Open Source Matters team using PHP and MySQL. A SQL injection vulnerability exists in the Joomla com_blog_calendar module. An attacker can manipulate the modid value to execute SQL commands and re...
Oracle Property Management Platform: analysis of remote command execution and cardholder data decryption vulnerabilities
Recently, I found that the reception data management system Oracle Opera, used in some large business hotels, has multiple security vulnerabilities. Hackers can exploit these vulnerabilities to escalate privileges in the hotel booking app and obtain higher user rights; at the same...