8 matches found
A survey of FedRAMP’s new supply chain requirements
Over the past few years, supply chain management has shifted from a background requirement that everyone unknowingly relies upon, to being a commonly talked about aspect of our everyday lives. The Federal government has ramped up its effort to gain a handle on supply chain threats as a result of...
When War Struck, Ukraine Turned to Telegram
As Russian troops surround Kyiv, millions of Ukrainians have relied on the messaging platform for government information...
SQL injection vulnerability in the webappcode parameter of sendmail.jsp page of government information system of Fujian Xingyu Information Technology Co.
The open government information platform is a WEB system that strengthens the construction and management of open government information through informatization means. There is a SQL injection vulnerability in this product, the vulnerability URL is: http://target/cms/cms/infopub/sendmail.jsp, the...
SQL injection vulnerability in the NewUserName parameter of the getquestion.jsp page of the government information system of Fujian Xingyu Information Technology Co.
The open government information platform is a WEB system that strengthens the construction and management of open government information through informatization means. There is a SQL injection vulnerability in the modified product, the vulnerability URL is:...
3 6 0 Marvel Team virtualization vulnerabilities the fifth bomb: CVE-2 0 1 6-3 7 1 0 Dark Portal vulnerability analysis-vulnerability warning-the black bar safety net
From 2 0 1 5 year 5 month venom vulnerabilities raging global Cloud Platform, 3 6 0 Marvel Team accumulated in kvm, xen, vmware platform on found submitted up to 2 2 pieces of high-risk security 0day vulnerabilities, these vulnerabilities will lead to a General purpose cloud system was hacked...
南京大汉某政府信息公开系统存在通用型SQL注入
简要描述: 貌似这处没报过。 详细说明: 大汉政府信息公开系统 参数applystarttime、webid没有做任何处理就直接可以作为sql语句拼接,会造成sql注入。 POST /xxgk/jcmsfiles/jcms1/web1/site/zfxxgk/ysqgk/ysqgksearch.jsp HTTP/1.1 Accept: text/html, application/xhtml+xml, / Accept-Language: zh-CN User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64; Trident/7.0;...
SQL Injection Vulnerability in Websiteid Parameter of Government Information System of Beijing Xiangyu Leading Software Co.
One-stop government information disclosure system is a management system that realizes the construction of open government columns based on website groups. There is a SQL injection vulnerability in the websiteid parameter of the one-stop government information disclosure system of Beijing Xiangyu...
大汉xxgk(政府信息公开)系统某处越权+getshell
简要描述: 政府信息公开系统的getshell。和前两天发的那个拿shell方式是不一样的。 详细说明: 越权发生在setup/oprsetting.jsp 拿shell是在上传license文件的jsp中setup/oprlicenceinfo.jsp 漏洞证明: 此时已经将setup的登录密码清空。(有风险,请勿随意尝试,不要跟着我犯错……) 提交数据的时候清空密码即可登录成功 img src="https://images.seebug.org/upload/201403/032350491567f745ccbf670be2346bb5147a9878.png"...