3894 matches found
Multiple Cisco Intercloud Fabric Security Bypass Vulnerabilities
Cisco Intercloud Fabric for Business and Intercloud Fabric for Providers are both products of the American company Cisco. The former is a service for managing hosting deployments and the latter is a virtual appliance for deploying and managing cloud providers. A security vulnerability exists in...
SQL Injection Vulnerability in ZZCMS 'subzs.php'
ZZCMS is an enterprise website builder. A SQL injection vulnerability exists in ZZCMS 'subzs.php'. Attackers can exploit it to obtain sensitive information from the database...
PT-2016-2998 · Siemens · Sicam Pas
Name of the Vulnerable Software and Affected Versions: Siemens SICAM PAS versions prior to 8.00 Description: The issue is related to storing passwords in a recoverable format. An authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing t...
PT-2016-2997 · Siemens · Sicam Pas
Name of the Vulnerable Software and Affected Versions: Siemens SICAM PAS versions prior to 8.00 Description: The issue is related to a factory account with hard-coded passwords in SICAM PAS installations. This could allow attackers to gain privileged access to the database over port 2638/TCP. The...
Multiple SQL Injection Vulnerabilities in XYCMS (PHP version) Message Boards
XYCMS, formerly known as the Nanjing XYCMS Enterprise Website Building System, is a commercial website building system developed on ASP and offered in dynamic and static editions. The message board of the XYCMS PHP version has multiple SQL injection vulnerabilities. Through the...
SIEMENS SICAM PAS Arbitrary File Access Vulnerability
SICAM PAS is an energy automation solution for the operation of substation equipment. It has open communication interfaces for power system control and control of industrial power supply equipment. An arbitrary file access vulnerability exists in SIEMENS SICAM PAS. Due to the use of hard-coded...
pycsw SQL Injection Vulnerability
pycsw is a Python implementation of an OGC CSW server. It runs on all major platforms (Windows, Linux, Mac OS X). pycsw suffers from a SQL injection vulnerability, which can be exploited by an attacker to take control of the application, access or modify data, or exploit...
CVE-2016-9283
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue...
Microsoft SQL RDBMS Engine Elevation of Privilege Vulnerability
Microsoft SQL Server is a large commercial relational database system developed and maintained by the US company Microsoft for the Microsoft Windows platform. An elevation of privilege vulnerability exists in Microsoft SQL Server 2016 that stems from...
SQL injection vulnerability in shopex ctl.gallery.php page
Shopex is an online store platform software system. A SQL injection vulnerability exists in the shopex ctl.gallery.php page. Attackers can exploit it to obtain sensitive information from the database...
Exponent CMS 'is_what' Parameter SQL Injection Vulnerability
Exponent CMS is a free, open source, PHP-based modular content management system (CMS) from the US company OIC Group. It supports in-page editing and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...
hdwiki user.php SQL Injection Vulnerability
HDwiki is a free, open source wiki building system launched by Beijing Hudong Online Technology Co., Ltd. A SQL injection vulnerability exists in hdwiki user.php. Attackers can exploit it to obtain sensitive information from the...
CVE-2016-7919
Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who i...
Multiple SQL Injection Vulnerabilities in Douphp Backend
Douphp is a lightweight enterprise website management system built on PHP+MySQL that runs on Linux, Windows, Mac OS X, Solaris and other platforms. The Douphp backend has a number of SQL injection vulnerabilities: 1. because the backend does not sufficiently filter the parameters...
UCenter Home cp_magic.php suffers from SQL injection vulnerability
UCenter Home is a social network software (SNS) package built with PHP+MySQL. A SQL injection vulnerability exists in UCenter Home cp_magic.php. Because the program fails to filter user input, an attacker can obtain sensitive database information by submitting...
WDS CMS SQL Injection Vulnerability
WDS CMS is a website management system. WDS CMS suffers from a SQL injection vulnerability, which can be exploited by an attacker to gain access to the database contents and, in subsequent attacks, to upload backdoor files...
CVE-2016-6434
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370...
SQL injection vulnerability in weiphp 'application\Home\Controller\PublicLinkController.class.php' page
weiphp is an open source, efficient and simple WeChat public platform development framework. A SQL injection vulnerability exists in the weiphp 'application\Home\Controller\PublicLinkController.class.php' page. Attackers can exploit it to obtain sensitive information from the database...
Generalized SQL Injection Vulnerability in Xiamen Yaxun PDA System
The "Palm Service" system is a process management system for enterprise mobile informatization that applies GPS mobile location management technology to address the shortcomings of the traditional way of managing enterprise field personnel; after years of...
DEXIS Imaging Suite 10 contains hard-coded credentials
Overview DEXIS is dental x-ray imaging software that manages patient records. DEXIS Imaging Suite 10 contains several hard-coded credentials allowing administrative or root access to the patient database. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6532 DEXIS Imaging Suite 10...