82159 matches found

Positive Technologies
added 2025/12/10 12:0 a.m., 4 views

PT-2025-50511

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

CVSS 8.7, AI score 6.4, EPSS 0.00352
Exploits: 1, References: 6

Positive Technologies
added 2025/12/10 12:0 a.m., 3 views

PT-2025-50516

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...

CVSS 8.7, AI score 6.8, EPSS 0.00618
Exploits: 1, References: 6

EUVD
added 2025/12/09 9:31 p.m., 4 views

EUVD-2021-34727

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system...

CVSS 8.7, AI score 5.9, EPSS 0.0046
Exploits: 2, References: 5

EUVD
added 2025/12/09 9:31 p.m., 6 views

EUVD-2025-202305

A vulnerability was found in itsourcecode Student Management System 1.0. Affected by this issue is some unknown functionality of the file /promote.php. The manipulation of the argument sy results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and...

CVSS 7.5, AI score 6.6, EPSS 0.00326
Exploits: 1, References: 6

EUVD
added 2025/12/09 9:31 p.m., 2 views

EUVD-2025-202321

A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /newadviser.php. Executing manipulation of the argument Name can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used...

CVSS 7.5, AI score 6.2, EPSS 0.00333
Exploits: 1, References: 6

OSV
added 2025/12/09 9:15 p.m., 1 view

CVE-2021-47704

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information...

CVSS 6.5, AI score 5.9
Exploits: 0, References: 4

NVD
added 2025/12/09 9:15 p.m., 2 views

CVE-2021-47704

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information...

CVSS 8.7, EPSS 0.00343
Exploits: 2, References: 4

CVE
added 2025/12/09 8:40 p.m., 9 views

CVE-2021-47718

OpenBMCS 2.4 is affected by an information disclosure vulnerability manifested through directory listing. The root cause is an enabled directory listing feature that allows unauthenticated attackers to browse sensitive paths such as /debug/ and /php/ to discover configuration files, database cred...

CVSS 8.7, AI score 6, EPSS 0.0046
Exploits: 2, References: 4, Affected Software: 1

Vulnrichment
added 2025/12/09 8:40 p.m., 1 view

CVE-2021-47718 OpenBMCS Directory Listing Information Disclosure

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system...

CVSS 8.7, AI score 6, EPSS 0.0046
Exploits: 2, References: 4

Vulnrichment
added 2025/12/09 8:36 p.m., 2 views

CVE-2021-47704 OpenBMCS SQL Injection via obix_test.php

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information...

CVSS 8.7, AI score 7.5, EPSS 0.00343
Exploits: 2, References: 4

CVE
added 2025/12/09 8:36 p.m., 12 views

CVE-2021-47704

OpenBMCS 2.4 is affected by an SQL injection vulnerability in the obix_test.php endpoint. The issue allows authenticated attackers to manipulate database queries by supplying malicious id values through GET requests to /debug/obix_test.php, enabling extraction of database information. Multiple co...

CVSS 8.7, AI score 7.5, EPSS 0.00343
Exploits: 2, References: 4, Affected Software: 1

IBM Security Bulletins
added 2025/12/09 8:32 p.m., 4 views

Security Bulletin: IBM® Db2® is vulnerable to users regaining access without admin help after account lockout (CVE-2025-33012)

Summary IBM® Db2® is vulnerable to allowing an authenticated user to regain access after account lockout due to password use after expiration date. Vulnerability Details CVEID:CVE-2025-33012 DESCRIPTION: IBM Db2 for Linux could allow an authenticated user to regain access after account lockout du...

CVSS 8.8, AI score 6, EPSS 0.00139
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/12/09 8:26 p.m., 1 view

CVE-2025-14227

A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to...

CVSS 6.5, AI score 6.5, EPSS 0.00285
Exploits: 1, References: 1

IBM Security Bulletins
added 2025/12/09 8:1 p.m., 4 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to the improper release of resources after use (CVE-2025-36006)

Summary IBM® Db2® could allow an authenticated user to cause a denial of service due to the improper release of resources after use. Vulnerability Details CVEID:CVE-2025-36006 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a...

CVSS 6.5, AI score 6, EPSS 0.0025
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/12/09 7:44 p.m., 5 views

Security Bulletin: IBM® Db2® federated Server is vulnerable to sensitive information disclosure under specific conditions (PRISMA-2021-0055)

Summary IBM® Db2® federated Server is affected by a vulnerability in Apache Commons Codec that could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker could exploit this vulnerability using a method call to obtain sensitive informatio...

AI score 6.1
Exploits: 0, Affected Software: 1

NVD
added 2025/12/09 7:15 p.m., 1 view

CVE-2025-14335

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /new_school_year.php. The manipulation of the argument sy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8, EPSS 0.00326
Exploits: 1, References: 5

Vulnrichment
added 2025/12/09 7:2 p.m., 1 view

CVE-2025-14335 itsourcecode Student Management System new_school_year.php sql injection

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /new_school_year.php. The manipulation of the argument sy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 7.5, AI score 6.8, EPSS 0.00326
Exploits: 1, References: 5

EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2025-202291

SQL Injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the actstr parameter...

AI score 7.6, EPSS 0.00202
Exploits: 1, References: 2

EUVD
added 2025/12/09 6:30 p.m., 2 views

EUVD-2025-202290

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...

AI score 7.6, EPSS 0.00343
Exploits: 1, References: 2

EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2025-202125

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection. This issue affects Ninja Tables: from n/a through = 5.2.3...

AI score 7.1, EPSS 0.00374
Exploits: 0, References: 2