8132 matches found
10-Strike Network Inventory Explorer 8.54 - Add Local Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 - Add Local Buffer Overflow SEH Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow SEH Date: 2020-03-24 Author: Felipe Winsnes Vendor Homepage: https://www.10-strike.com/ Software Link:...
Grandstream UCM6200 SQL Injection Vulnerability (CNVD-2020-23201)
The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. An SQL injection vulnerability exists in the HTTP interface of the Grandstream UCM6200 versions prior to 1.0.19.20 and 1.0.20.17, which can be exploited by an attacker to execute shell commands...
SQL Injection Vulnerability in Shanghai Enterprise Torch Advertising Media Co.
Ltd. is committed to providing all kinds of enterprises and institutions with network domain name registration, web hosting rental, website construction and maintenance, website promotion and publicity, website revision and translation, enterprise post office, network payment, system integration,...
U-Mail mail server software suffers from SQL injection vulnerability ( CNVD-2020-26499).
U-Mail mail server software is a domestic first-tier brand that really provides lifetime free upgrades to the mail system, including data upgrades to the mail system, antivirus engine, and anti-spam engine. U-Mail mail server software has SQL injection vulnerability, attackers can use the...
SQL Injection Vulnerability in Hospital Purchasing and Supply Collaboration Platform of Beijing Zhicheng Yuyuan Technology Co.
The hospital procurement and supply collaboration platform is a real-name procurement and supply collaboration service platform for medical institutions and supplier enterprises in the distribution chain of the pharmaceutical and equipment supply chain. There is a SQL injection vulnerability in t...
SQL Injection Vulnerability in YUZHIGUO CMS sh***.asp Page
YUZHIGUO CMS is a content management system written in asp and using utf-8 coding. A SQL injection vulnerability exists in the YUZHIGUO CMS sh.asp page, which can be exploited by an attacker to obtain sensitive information from the database...
Cisco SD-WAN Solution vManage Command Injection Vulnerability
Cisco SD-WAN Solution is a set of network extension solutions from Cisco. vManage is a network management system. A command injection vulnerability exists in the Web UI in Cisco SD-WAN Solution vManage Release prior to 19.2.2, which stems from the Web UI failing to properly validate SQL values. A...
NETSAS Enigma NMS Information Disclosure Vulnerability
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in NETSAS Enigma NMS version 65.0.0 and prior versions, which originates from the program not encrypting data stored in the SQL database. An attacker can exploit the...
PT-2020-2125 · Cisco · Cisco Sd-Wan Solution Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Solution vManage software affected versions not specified Description: The issue is related to a lack of protection against SQL query structure attacks in the vManage web interface of Cisco SD-WAN. This could allow a remote...
LogicalDoc SQL Injection Vulnerability
LogicalDOC is a set of document management system developed using Java technology . The system has Lucene full-text search indexing and automatic import and other functions. A SQL injection vulnerability exists in LogicalDoc versions prior to 8.3.3. The vulnerability stems from a lack of validati...
SuiteCRM SQL Injection Vulnerability (CNVD-2020-18564)
SuiteCRM is a free open source customer relationship management application. SuiteCRM suffers from an SQL injection vulnerability. No detailed vulnerability details are provided at this time...
ShopsN open source mall system v3.0.0 sh*** parameter SQL injection vulnerability
ShopsN open source mall system is a product of Shanghai Yisu Network Technology Co. Ltd. ShopsN open source mall system v3.0.0 sh parameter SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information...
Sapplica Sentrifugo SQL Blind Bets Vulnerability
Sentrifugo is an intuitive and easy to use open source human resource management software. Sapplica Sentrifugo 3.2 suffers from an SQL blind injection vulnerability. An attacker can exploit this vulnerability to read sensitive information from a database used by the application via the...
The Basics of Exploit Development 2: SEH Overflows
In this article we will be writing an exploit for a 32-bit Windows application vulnerable to Structured Exception Handler SEH overflows. While this type of exploit has been around for a long time, it is still applicable to modern systems...
SQL Injection Vulnerability in Jinwei Mobile Mall System or***.php File
Jinwei mobile mall system is a micro-business customers with a public number, imitation hand Tao page layout, support embedded video playback. Support customized model specifications, the main specifications support attached pictures, each subdivided model support inventory control, subdivided...
SQL injection vulnerability in us***.php file of Jinwei Mobile Mall system
Jinwei mobile mall system is a micro-business customers with a public number, imitation hand Tao page layout, support embedded video playback. Support customized model specifications, the main specifications support attached pictures, each subdivided model support inventory control, subdivided...
XYCMS message board PHP version of the background of the SQL injection vulnerability
XYCMS message board PHP version is to php + MySQL for the development of php message board source code, software for the ordinary message board, can be widely used in corporate websites and other websites that need a message board to use. XYCMS message board PHP version of the background there ar...
ABB eSOMS SQL Injection Vulnerability
ABB eSOMS is a plant operations management system from ABB Switzerland. A SQL injection vulnerability exists in ABB eSOMS 6.0.3 and prior versions. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this...
SQL injection vulnerability in the us***.cl***.php file of YIXUNCMS enterprise website builder system
YIXUNCMS enterprise website construction system is a set of display website system developed by Yixun Software Studio for small and medium-sized enterprises. There is a SQL injection vulnerability in the us.cl.php file of YIXUNCMS enterprise website builder system. Attackers can use the...
Yubico YubiKey Validation Server SQL Injection Vulnerability (CNVD-2020-16073)
Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A SQL injection vulnerability exists in YubiKey Validation Server versions prior to 2.40. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...