18 matches found
EUVD-2020-2960
Malware in sbrugna...
EUVD-2018-8831
Malware in sbrugna...
pharmacy-manage-system security vulnerability
pharmacy-manage-system is a pharmacy management system by Krishna Aryal, an individual developer. A security vulnerability exists in pharmacy-manage-system, which stems from an SQL injection vulnerability in the invoicenumber parameter of the salesreport.php page...
A vulnerability in the command-line interface of the firmware for Cisco SD-WAN vBond Orchestrator, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge Routers, Cisco SD-WAN vSmart Controller, and the centralized network management system Cisco SD-WAN vManage arises from incorrect path name restrictions related to restricted access directories. This vulnerability allows attackers to create or overwrite critical files.
A vulnerability in the command-line interface of the firmware for Cisco SD-WAN vBond Orchestrator, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge Routers, Cisco SD-WAN vSmart Controller, and the centralized network management system Cisco SD-WAN vManage is related to an...
Authentication Bypass Using an Alternate Path or Channel
Steps to reproduce: 1. Log into Administrator account 2. Navigate to User section 3. Create a new User, call it testUser pass is 12345678 4. Navigate to Groups section and create a new group, call it testGroup 5. Give a "manage:group" permission for testGroup and assign testUser...
CVE-2020-10505
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains an SQL Injection vulnerability; an attacker can use a union-based injection query string to get the database schema and username/password...
Path traversal
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files...
SQL injection
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains an SQL Injection vulnerability; an attacker can use a union-based injection query string to get the database schema and username/password...
CVE-2020-10507
CVE-2020-10507 concerns the ALLE INFORMATION CO., LTD. School Manage System (before 2020). The issue is an Unrestricted file upload vulnerability that can lead to remote code execution on the hosting machine. Root cause: misconfiguration of the file upload filter in the system (as noted in CNVD-2...
CVE-2020-10506 ALLE INFORMATION CO., LTD. School Manage System - Path Traversal
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files...
CVE-2020-10505 ALLE INFORMATION CO., LTD. School Manage System - SQL Injection
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains an SQL Injection vulnerability; an attacker can use a union-based injection query string to get the database schema and username/password...
CVE-2020-10505
Summary (CVE-2020-10505): The School Manage System by ALLE INFORMATION CO., LTD. prior to 2020 contains an SQL Injection vulnerability that can be exploited via a union-based query to disclose database schema and credentials (username/password). Affected component: the School Manage System’s SQL ...
CVE-2020-10506
CVE-2020-10506 affects the School Manage System (before 2020) by ALLE INFORMATION CO., LTD. The vulnerability is a Path Traversal flaw that allows an attacker to access arbitrary files. The NVD entry lists a CVSSv3 base score of 7.5 (HIGH), with network attack vector and no privileges required, ...
CVE-2018-17048
CVE-2018-17048 affects FDCMS (Fangfa Content Management System) version 4.2. The vulnerability is an SQL Injection in file admin/Lib/Action/FpluginAction.class.php, with the root cause described as unsafely constructed SQL leading to partial/high impact on confidentiality depending on access. Do...
PT-2019-16665 · Dell Emc · Dell Emc Openmanage System Administrator
Name of the Vulnerable Software and Affected Versions: Dell EMC Open Manage System Administrator OMSA versions prior to 9.3.0 Description: The issue is related to a Directory Traversal Vulnerability due to insufficient sanitization of input parameters. A remote authenticated malicious user with...
Fedora Update for puppet FEDORA-2012-6674
Check for the Version of puppet. OpenVAS Vulnerability Test: Fedora Update for puppet FEDORA-2012-6674. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Cmsez (with easy) whole-station system 0day - vulnerability warning - the black bar safety net
Program name: Cmsez Web Content Manage System v2.0.0 File: comments.php viewimg.php Code: --------------- ? //comments include "mainfile.php"; $art=new article; //Set $confirm='yes';//yes: needs administrator authentication before display, no: displayed directly $member=new member;...
Cmsez (随易) whole-site system 0day
Vulnerable files: comments.php viewimg.php ? //comments include "mainfile.php"; $art=new article; //Settings $confirm='yes';//yes: displayed only after administrator approval, no: displayed directly $member=new member; $userinfo=$member-memberauth; $ulevel=$userinfouserlevel; Settings $action = $REQUESTaction; $page="10";// $needuser = "0";// $id = $REQUESTid;//...