3894 matches found
Linknat SQL Injection Vulnerability
Linknat suffers from a SQL injection vulnerability. An attacker is able to execute malicious SQL commands to connect to the DBMS...
SAP NetWeaver AS JAVA SQL Injection Vulnerability
SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications. SAP NetWeaver AS Java is an application server that runs in NetWeaver and is based on the Java programming language. An SQL injection vulnerability exists...
MEDHOST Perioperative Information Management System contains hard-coded database credentials
Overview: MEDHOST Perioperative Information Management System (PIMS) versions prior to 2015R1 contain hard-coded credentials that are used for customer database access. Description: CWE-798: Use of Hard-coded Credentials - CVE-2016-4328. MEDHOST PIMS, previously branded as VPIMS, contains hard-coded...
ManageEngine Applications Manager < 12710 Multiple Vulnerabilities - Active Check
ManageEngine Applications Manager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
Hi Technology & Services CMS SQL Injection Vulnerability
Hi Technology & Services CMS suffers from a SQL injection vulnerability that allows remote attackers to execute malicious SQL commands to connect to the DBMS...
Patron Info System SQL Injection Vulnerability
Patron Info System is a customer information system. Patron Info System has a remote SQL injection vulnerability that allows remote attackers to execute malicious SQL commands to connect to the DBMS...
Dorsa Web CMS SQL Injection Vulnerability
A remote SQL injection vulnerability exists in Dorsa Web CMS. A remote attacker is able to execute malicious SQL commands to connect to the DBMS...
Techsoft WS CMS SQL Injection Vulnerability
TECHSOFT is a web solution. A remote SQL injection vulnerability exists in Techsoft Content Management System 2016 Q2. A remote attacker is able to execute malicious SQL commands to connect to the DBMS...
Quicksilver HQ VoHo Concept4E CMS SQL Injection Vulnerability
Quicksilver HQ VoHo Concept4E CMS v1.0 is a commercial version of the Energy, Environment, and Entertainment Content Management System. Quicksilver HQ VoHo Concept4E CMS suffers from a SQL injection vulnerability. An attacker is able to execute malicious SQL commands to connect to the DBMS...
ChitaSoft SQL Injection Vulnerability
ChitaSoft suffers from a remote SQL injection vulnerability that allows remote attackers to execute malicious SQL commands on the web application side or connect to the DBMS...
SQL Injection Vulnerability in UFIDA Software NC-IUFO System
UFIDA NC-IUFO system is a financial management software. The UFIDA NC-IUFO system suffers from a SQL injection vulnerability that can be exploited by an attacker to gain access to website database information...
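Office Anywhere network intelligent office system: database access from the front end in a certain version (no login required)
Brief description: Office Anywhere network intelligent office system: database access from the front end in a certain version (no login required). Details: The Office Anywhere 2011 network intelligent office system has a generic path disclosure issue, and the disclosed login address allows logging in to phpMyAdmin without any privileges, with root privileges. /mysql/main.php Once decrypted, it can be used to log in directly; I will not log in here. Proof of vulnerability: Some cases attached: http://218.24.163.216:8080/ http://220.171.81.126:1234/ http://221.2.43.9:8000/ http://221.204.213.24/...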
SQL injection vulnerability in the 'merid' parameter of the mining system of Shenzhen Jishu Communication Co.
Shenzhen Jishu Communication Co., Ltd. is a communication enterprise providing communication services and communication products. A SQL injection vulnerability exists in the program mining system of Shenzhen Jishu Communication Co. The lack of filtering of the 'merid' parameter allows an attacker to exploit the vulnerability to...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
SQL Injection Vulnerability in Submission System of Nanjing Jenohan Software Technology Co.
Nanjing Jenohan Software Technology Co., Ltd. is for the development of hospital full cost accounting decision support software system, hospital performance management information system and hospital customer management information system. A SQL injection vulnerability exists in the contribution...
Panmicro e-cology v8 SQL Injection Vulnerability
Panmicro collaborative management application platform e-cology is a set of collaborative business platform. A SQL injection vulnerability exists in the id parameter of the Panmicro e-cology OA system /hrm/resource/HrmResourceContactEdit.jsp page, which allows an attacker to elevate the privileges...
krb5: xdr_nullstring() doesn't check for terminating null character
An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission,...
Symantec Endpoint Protection Manager and Client SQL Injection Vulnerability
Symantec Endpoint Protection is a suite of antivirus software from Symantec Corporation in the U.S. SEP Manager and Client are the management and client software. A SQL injection vulnerability exists in Symantec Endpoint Protection Manager and Client, which allows remote attackers to exploit the...
Cisco Prime LAN Management Solution Hardcoding Vulnerability
Cisco Prime LAN Management Solution is a LAN-based network management solution from Cisco. A hard-coded vulnerability exists in Cisco Prime LAN Management Solution, which allows a local attacker to decrypt data in the LMS database using a hard-coded key to compromise an affected device...
PayPal remote code execution vulnerability-vulnerability warning-the black bar safety net
In December 2015, I found a serious vulnerability in the PayPal business site manager.paypal.com. This vulnerability exists such that, through unsafe Java object deserialization, I can, on the PayPal website's server, remotely use the she...