933 matches found
CVE-2021-44427
An unauthenticated SQL Injection vulnerability in Rosario Student Information System aka rosariosis before 8.1.1 allows remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter...
CVE-2021-44427
CVE-2021-44427 is an unauthenticated SQL injection in Rosario Student Information System (rosariosis) before 8.1.1. The vulnerability allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, DELETE) via the /Side.php endpoint using the syear parameter. Affected soft...
CVE-2021-44427
An unauthenticated SQL Injection vulnerability in Rosario Student Information System aka rosariosis before 8.1.1 allows remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter...
The vulnerability of the automated information system “Registration in OO” arises from the use of pre-set user accounts, allowing a perpetrator to gain unauthorized access to protected information.
The vulnerability of the automated information system “Registration in OO” is related to the use of pre-set user accounts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the automated information system “Registration in OO” arises from the lack of measures taken to protect the structure of the web page, allowing attackers to read arbitrary files.
The vulnerability of the automated information system “Registration in OO” is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files by sending a specially crafted POST request...
CVE-2021-41187
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the API endpoints for /api/trackedEntityInstances and api/events in DHIS2. The...
CVE-2021-41187
CVE-2021-41187 concerns DHIS 2. A SQL injection vulnerability exists in specific DHIS2 versions (2.32, 2.33, 2.34, 2.35, 2.36) affecting the REST endpoints for /api/trackedEntityInstances and /api/events . Exploitation requires the attacker to be an authenticated DHIS2 user, and successful exploi...
DHIS 2 SQL注入漏洞
DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. DHIS 2 suffers from a SQL injection vulnerability that stems from a SQL injection security hole in a specific version of DHIS 2. The vulnerability affects API...
UBUNTU-CVE-2021-2417
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
Oracle MySQL Server 输入验证错误漏洞
Oracle MySQL Server, a relational database from Oracle Corporation, is vulnerable in the Server: GIS component of Oracle MySQL Server 8.0.25 and earlier. An attacker can use this vulnerability to cause MySQL Server to hang or crash frequently and repeatedly complete denial of service, as well as...
SQL Injection Vulnerability in Network Video Surveillance System of Tianmai Technology
Zhengzhou Tianmai Technology Co., Ltd. was founded in 2004, is located in Zhengzhou City, National High-tech Industrial Development Zone, is specializing in public transportation intelligent system solutions provider, is the "city intelligent bus solutions" and "3G/4G video, Beidou/GPS monitoring...
SQL Injection Vulnerability in Farmers' Credit Information System of Nanning Desi Technology Co.
Nanning Desi Technology Co., Ltd, business scope includes computer software development and technical services; computer, office equipment sales and maintenance, etc.. A SQL injection vulnerability exists in the Farmer Credit Information System of Nanning Desi Technology Co. An attacker can utili...
SQL Injection Vulnerability in Multimedia Information Distribution System of Guangdong Xing Shen Technology Co.
Ltd. is located in Guangzhou Science City, where high-tech enterprises gather, and is an innovative enterprise specializing in the research, development, production and sales of commercial display systems, intelligent robots and other products. Ltd. multimedia information dissemination system SQL...
Information Flows and Democracy
Henry Farrell and I published a paper on fixing American democracy: "Rechanneling Beliefs: How Information Flows Hinder or Help Democracy." Its much easier for democratic stability to break down than most people realize, but this doesnt mean we must despair over the future. Its possible, though...
SQL Injection Vulnerability in RG-EG Easy Gateway Management System (RG-EG)
Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other items. A SQL injection vulnerability exists in the RG-EG Easy Gateway management system, which can be exploited by attackers to obtain...
Human Resource Information System 0.1 Remote Code Execution
Exploit Title: Human Resource Information System 0.1 - Remote Code Execution Unauthenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
Human Resource Information System 1.0 Authentication Bypass / Account Creation
Exploit Title: Human Resource Information System 1.0 - Create Admin Account Unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14714/human-resource-information-using-phpmysqliobject-orientedcomplete-free-sourcecode.html Version:1.0 Tested on: windows...
Weak Password Vulnerability in RG-EG Easy Gateway Web Management System
Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other items. A weak password vulnerability exists in the RG-EG Easy Gateway web management system, which can be exploited by attackers to obtain...
django: potential SQL injection via "tolerance" parameter in GIS functions and aggregates on Oracle
A SQL-injection flaw was found in python-django, where GIS functions and aggregates in Oracle did not correctly neutralize tolerance-parameter data. A remote attacker could use this flaw to submit crafted data to inject malicious SQL...
CVE-2021-3506
An out-of-bounds OOB memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this...