75 matches found

NVD
added 2023/01/20 7:15 a.m., 14 views

CVE-2023-20010

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...

8.8 CVSS | 8.4 AI score | 0.0029 EPSS
Exploits: 0 | References: 1

Prion
added 2022/09/20 9:15 p.m., 15 views

SQL injection

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...

6.5 CVSS | 8.9 AI score | 0.00415 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Imperva Blog
added 2022/09/20 12:55 p.m., 10 views

“Oops, I insecurely coded again!”

The call is coming from inside the house. It’s no secret that companies need to be vigilant about application security. However, frequently the source of application vulnerabilities may come as a surprise to security teams. While zero-day exploits are a principal focus of vulnerability mitigation...

8.1 AI score
Exploits: 0

CNVD
added 2022/07/01 12:00 a.m., 25 views

SourceCodester Online Railway Reservation System SQL Injection Vulnerability (CNVD-2022-53357)

Sourcecodester Online Railway Reservation system is a web-based application that provides an online platform for rail or train station passengers or would-be passengers to view their schedules and reserve seats. Online Railway Reservation System v1.0 version contains a SQL injection vulnerability...

7.2 CVSS | 3.2 AI score | 0.00274 EPSS
Exploits: 1 | References: 1

CNVD
added 2022/05/26 12:00 a.m., 18 views

Merchandise Online Store SQL Injection Vulnerability (CNVD-2022-66681)

Merchandise Online Store is a merchandise online store system. Merchandise Online Store version 1.0 is vulnerable to SQL injection, which can be exploited by attackers via /vloggersmerch/classes/Master.php?f=delete product to conduct SQL injection attacks...

7.5 CVSS | 4.4 AI score | 0.00264 EPSS
Exploits: 1 | Affected Software: 1

CNVD
added 2022/05/25 12:00 a.m., 18 views

Badminton Center Management SQL Injection Vulnerability (CNVD-2022-66682)

Badminton Center Management System is a badminton center management system. It provides an online and automated platform for badminton centers to manage their daily transactions and records. A SQL injection vulnerability exists in Badminton Center Management 1.0. An attacker can exploit this...

7.5 CVSS | 3.1 AI score | 0.00264 EPSS
Exploits: 1 | Affected Software: 1

CNVD
added 2022/03/09 12:00 a.m., 23 views

WordPress Conversios.io plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A WordPress plugin is an application plugin for WordPress. A SQL injection vulnerability exists in versions of WordPress...

8.8 CVSS | 2.8 AI score | 0.00703 EPSS
Exploits: 2 | References: 1

GitHub Security Blog
added 2021/04/22 4:11 p.m., 95 views

Backport for CVE-2021-21024 Blind SQLi from Magento 2

Impact: This vulnerability allows an administrator unauthorized access to restricted resources. We fixed a vulnerability in the MySQL adapter to prevent SQL injection attacks. This is a backport of CVE-2021-21024 (https://helpx.adobe.com/security/products/magento/apsb21-08.html). Patches: Has the...

9.1 CVSS | 3.6 AI score | 0.02071 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2020/02/04 12:00 a.m., 44 views

Ubuntu 18.04 LTS : Django vulnerability (USN-4264-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4264-1 advisory. Simon Charette discovered that Django incorrectly handled input in the PostgreSQL module. A remote attacker could possibly use this to perform SQL injection...

9.8 CVSS | 7.2 AI score | 0.1537 EPSS
Exploits: 9 | References: 2

ThreatPost
added 2020/01/29 3:27 p.m., 256 views

Critical Flaws in Magento e-Commerce Platform Allow Code-Execution

Critical vulnerabilities in Adobe’s Magento e-commerce platform – a favorite target of the Magecart cybergang – could lead to arbitrary code execution. Adobe issued patches on Tuesday as part of its overall release of the Magento 2.3.4 upgrade, giving the fixes a “priority 2” rating. In Adobe...

10 CVSS | 1.5 AI score | 0.17339 EPSS
Exploits: 1 | References: 11

0day.today
added 2018/12/17 12:00 a.m., 61 views

Zoho ManageEngine OpManager 12.3 SQL Injection Vulnerability

Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API. I. VULNERABILITY: Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. II. CVE REFERENCE...

0.5 AI score | 0.12833 EPSS
Exploits: 3

OpenVAS
added 2017/05/15 12:00 a.m., 35 views

Dolibarr <= 4.0.4 Multiple Vulnerabilities - Active Check

Dolibarr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr"; ifdescription...

9.8 CVSS | 7.2 AI score | 0.00211 EPSS
Exploits: 6 | References: 3

ThreatPost
added 2017/02/21 10:51 a.m., 13 views

Windows Botnet Spreading Mirai Variant

A Chinese-speaking attacker is spreading a Mirai variant from a repurposed Windows-based botnet. Researchers at Kaspersky Lab published a report today, and said the code was written by an experienced developer who also built in the capability to spread the IoT malware to Linux machines under...

8.5 AI score
Exploits: 0 | References: 7

Prion
added 2015/06/15 3:59 p.m., 27 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/usersedit.php or (2) arbitrary users for requests that conduct SQL...

6.8 CVSS | 8.4 AI score | 0.04615 EPSS
Exploits: 6 | References: 6 | Affected Software: 1

Cvelist
added 2015/05/20 6:00 p.m., 15 views

CVE-2012-6691

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/statsmonthlysales.php or (2) country parameter...

8.1 AI score | 0.00244 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2015/03/03 12:00 a.m., 20 views

Cacti < 0.8.6f Multiple Vulnerabilities

According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.6f. It is, therefore, potentially affected by the following vulnerabilities : - Multiple vulnerabilities exist due to improper input validation in 'graphimage.php' and...

10 CVSS | 5.8 AI score | 0.04133 EPSS
Exploits: 0 | References: 6

OpenVAS
added 2014/10/14 12:00 a.m., 14 views

Ultra Electronics AEP Ultra Protect Multiple Vulnerabilities

Ultra Electronics AEP Ultra Protect is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3 AI score
Exploits: 0 | References: 2

Prion
added 2014/08/14 2:55 p.m., 10 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftpmanagement module to the default URI, (2) conduct cross-site scriptin...

6.8 CVSS | 8 AI score | 0.01895 EPSS
Exploits: 6 | References: 5 | Affected Software: 1

seebug.org
added 2014/07/01 12:00 a.m., 266 views

Comersus BackOffice 4.x/5.0/6.0 /comersus/database/comersus.mdb Direct Request Database Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are prone to SQL injection attacks, information disclosure and...

7.1 AI score
Exploits: 0

ThreatPost
added 2014/05/30 2:10 p.m., 17 views

USPS Spam Campaign Drops Asprox Botnet Malware

A new spam campaign has emerged in support of the Asprox botnet. The scheme involves shipping receipt emails that contain malicious links and purport to come from the United States Postal Service (USPS). Anyone who receives one of these emails and clicks on the link therein will have a zip file...

8.2 AI score
Exploits: 0 | References: 2