
1418 matches found

Prion
added 2018/07/31 2:29 p.m. | 14 views

Sql injection

SQL injection vulnerability in the "Users management" functionality in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...

CVSS 9 | AI score 8.7 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/07/31 2:00 p.m. | 11 views

CVE-2018-12942

SQL injection vulnerability in the "Users management" functionality in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...

AI score 8.8 | EPSS 0.00214
Exploits: 0 | References: 2
CVE
added 2018/07/31 2:00 p.m. | 34 views

CVE-2018-12942

SeedDMS (formerly LetoDMS/MyDMS) contains a SQL injection vulnerability in the Users management feature affecting versions before 5.1.8. The flaw allows authenticated attackers to manipulate SQL queries on the application server, enabling extraction, modification, or deletion of data in the back...

CVSS 9 | AI score 8.7 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 1
Friends Of PHP
added 2018/07/25 9:55 a.m. | 8 views

SS-2018-016: Unsafe SQL Query Construction (Safe Data Source)

More info at https://www.silverstripe.org/download/security-releases/ss-2018-016/...

AI score 7.2
Exploits: 0 | Affected Software: 1
Prion
added 2018/07/13 8:29 p.m. | 10 views

Design/Logic Flaw

The valueAsString parameter inside the JSON payload contained by the ucLogintxtLoginIdClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may...

CVSS 7.5 | AI score 7.7 | EPSS 0.04899
Exploits: 2 | References: 2 | Affected Software: 1
Packet Storm
added 2018/06/22 12:00 a.m. | 220 views

phpMyAdmin 4.8.1 Code Execution / Local File Inclusion

Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...

AI score 0.1 | EPSS 0.94262
Exploits: 20
exploitpack
added 2018/06/22 12:00 a.m. | 64 views

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)

phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 2 Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link:...

CVSS 6.5 | AI score 0.5 | EPSS 0.94262
Exploits: 20
0day.today
added 2018/06/22 12:00 a.m. | 190 views

phpMyAdmin 4.8.1 Code Execution / Local File Inclusion Vulnerabilities

Exploit for php platform in category web applications Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0...

AI score 0.2 | EPSS 0.94262
Exploits: 20
Exploit DB
added 2018/06/22 12:00 a.m. | 247 views

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)

Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...

CVSS 8.8 | AI score 8.8 | EPSS 0.94262
Exploits: 20
IBM Security Bulletins
added 2018/06/17 3:35 p.m. | 21 views

Security Bulletin: Buffer Overflow from improperly formatted SELECT command in IBM Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-8998)

Summary An improperly formatted SELECT command to an IBM Tivoli Storage Manager IBM Spectrum Protect Server can cause a buffer overflow that could allow an attacker to execute arbitrary code on the server. Vulnerability Details CVEID: CVE-2016-8998 DESCRIPTION: IBM Tivoli Storage Manager Server...

CVSS 7.2 | AI score 1.6 | EPSS 0.02352
Exploits: 0 | Affected Software: 2
IBM Security Bulletins
added 2018/06/16 2:07 p.m. | 26 views

Security Bulletin: Multiple IBM InfoSphere Information Server components are affected by a vulnerability in the XML4C parser (CVE-2014-8901)

Summary Multiple components of IBM InfoSphere Information Server may be affected by a denial of service attack triggered by a specially crafted XML document being parsed by the XML4C parser. Vulnerability Details CVEID: CVE-2014-8901 DESCRIPTION: IBM XML4J and XML4C contains a denial of service...

CVSS 4 | AI score 0.5 | EPSS 0.00958
Exploits: 0 | Affected Software: 1
exploitpack
added 2018/05/27 12:00 a.m. | 12 views

Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection Cross-Site Scripting

Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection Cross-Site Scripting Exploit Title: Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 26.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage:...

AI score 0.6
Exploits: 0
Packet Storm
added 2018/05/25 12:00 a.m. | 83 views

Oracle WebCenter (Fatwire) Improper Access Control

Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 = CVE: CVE-2017-10033 Category: Webapps Tested on: Kali linux...

CVSS 3.3 | AI score 0.3 | EPSS 0.00613
Exploits: 3
Exploit DB
added 2018/05/25 12:00 a.m. | 176 views

Oracle WebCenter FatWire Content Server < 7 - Improper Access Control

Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 = CVE: CVE-2017-10033 Category: Webapps Tested on: Kali linux...

CVSS 4 | AI score 4.7 | EPSS 0.00613
Exploits: 3
NVD
added 2018/05/01 7:29 p.m. | 13 views

CVE-2018-10256

A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query...

CVSS 8.8 | AI score 9 | EPSS 0.00237
Exploits: 5 | References: 2
OSV
added 2018/02/08 6:29 p.m. | 2 views

CVE-2017-17416

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue...

CVSS 9.8 | AI score 6.2 | EPSS 0.14875
Exploits: 0 | References: 1
OSV
added 2018/02/08 6:29 p.m. | 1 view

CVE-2017-17652

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results fr...

CVSS 9.8 | AI score 6.2
Exploits: 0 | References: 1
OSV
added 2018/02/08 6:29 p.m. | 2 views

CVE-2017-17412

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue results from the lack o...

CVSS 9.8 | AI score 6.2 | EPSS 0.14875
Exploits: 0 | References: 1
Citrix
added 2018/01/26 12:00 a.m. | 5 views

SQL query report needed for licensing users

How to verify the amount of licenses you are using by XenMobile users...

AI score 7.1
Exploits: 0
Tenable Product Security Advisories
added 2017/11/01 8:46 p.m. | 609 views

[R1] SecurityCenter 5.6.0 Fixes One Vulnerability

SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a...

CVSS 6.5 | AI score 9 | EPSS 0.00435
Exploits: 0