
10 matches found

CNNVD
added 2025/08/31 12:0 a.m. | 2 views

Code-Projects Human Resource Integrated System Security Vulnerability

Human Resource Integrated System is a human resource management system. It has a SQL injection vulnerability caused by missing validation of externally supplied SQL statements in the ID parameter of the file /loginquery12.php. An attacker can exploit...

CVSS 7.5 | AI score 8.2 | EPSS 0.00049
Exploits: 1 | References: 7

CNNVD
added 2025/07/31 12:0 a.m. | 2 views

code-projects Vehicle Management Injection Vulnerability

Vehicle Management is a vehicle management system. It has a SQL injection vulnerability caused by missing validation of externally supplied SQL statements in the "from" parameter of the file /filter2.php. An attacker can exploit this vulnerability to execute illega...

CVSS 9.8 | AI score 8.2 | EPSS 0.00204
Exploits: 1 | References: 5

CNNVD
added 2025/01/28 12:0 a.m. | 2 views

IBM Sterling B2B Integrator SQL Injection Vulnerability

IBM Sterling B2B Integrator is a software suite from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...

CVSS 9.8 | AI score 8.1 | EPSS 0.00176
Exploits: 0 | References: 1

CNNVD
added 2024/07/15 12:0 a.m. | 2 views

Mini-Tmall Security Vulnerability

Mini-Tmall is a Spring Boot-based miniature Tmall-style online mall that deploys and runs quickly and is suitable for use as a small template. A SQL injection vulnerability exists in versions prior to Mini-Tmall v2024.07.03. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...

CVSS 7.3 | AI score 8.1 | EPSS 0.00071
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 4:24 a.m. | 3 views

SUSE CVE-2018-16438

An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5Lexternquery at H5Lexternal.c...

CVSS 2.8 | AI score 7 | EPSS 0.0055
Exploits: 1 | References: 9

CNNVD
added 2022/04/11 12:0 a.m. | 1 views

JHipster SQL Injection Vulnerability

JHipster is an open source application builder that develops web applications and microservices primarily using Angular or React and Spring Framework. JHipster suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, whic...

CVSS 8.1 | AI score 6.1 | EPSS 0.00439
Exploits: 1 | References: 4

CNVD
added 2020/07/06 12:0 a.m. | 1 views

We-COM Municipality portal CMS SQL Injection Vulnerability

We-COM Municipality portal CMS is a content management system (CMS) from the Italian company We-COM. A SQL injection vulnerability exists in We-COM Municipality portal CMS version 2.1.x. The vulnerability stems from a lack of validation of externally-entered SQL statements in a database-based...

CVSS 9.8 | AI score 8.2 | EPSS 0.00622
Exploits: 1 | References: 1

OSV
added 2018/09/04 12:29 a.m. | 0 views

UBUNTU-CVE-2018-16438

An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5Lexternquery at H5Lexternal.c...

CVSS 8.8 | AI score 6.7 | EPSS 0.0055
Exploits: 1 | References: 3

seebug.org
added 2016/05/19 12:0 a.m. | 39 views

CouchDB Arbitrary System Command Execution Vulnerability Caused by Unauthorized Access

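Source of details: Alibaba Cloud Security. 0x01 Background of the vulnerability. CouchDB is an open source, document-oriented database management system that can be accessed through a RESTful JavaScript Object Notation (JSON) API. By default, CouchDB exposes a RESTful API on port 5984 for database management functions. So where does the problem lie? Reading the official description shows that CouchDB has a QueryServer configuration option, which the official documentation describes as follows: CouchDB delegates computation of design documents functions to external query servers...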

AI score 6.9
Exploits: 0

RedHat Linux
added 2006/04/04 8:51 a.m. | 3 views

security flaw

Off-by-one error in the sqlerror function in sqlunixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single...

CVSS 6.4 | AI score 6.2 | EPSS 0.02525
Exploits: 0 | References: 4