CVE-2019-16724

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler SEH based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331...

Design/Logic Flaw

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler SEH based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331...

GandCrab Operators Resurface with REvil Malware

The malware that hit 22 Texas municipalities and various dentist offices around the country recently is likely the work of the crew behind the GandCrab ransomware – indicating that the group didn’t really retire after all. In late May, the GandCrab operators said they decided to ride off into the...

CVE-2019-16383

MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an attacker...

PT-2019-14795 · Upredsun · File Sharing Wizard

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler SEH based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331...

SQL Injection Vulnerability in the Website Building System **fo.asp Page of Anshan China Domain Network Technology Co.

Ltd. is a high-tech network company that specializes in website building and website construction. Ltd. website building system fo.asp page SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information such as database...

SQL injection vulnerability in zzcms 2019 frontend (CNVD-2019-37717)

zzcms webmaster Merchants content management system, developed by the zzcms team, into the database optimization, content caching, AJAX and other technologies, so that the site's security, stability, load capacity to get a reliable protection. Open source, independent functional modules, to...

S-CMS e-commerce system aj***.php page L_*** parameter has SQL injection vulnerability

S-CMS e-commerce system is an e-commerce software. S-CMS e-commerce system aj.php page L parameter exists SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...

WordPress kama-clic-counter plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. kama-clic-counter is a plugin that uses the page download feature in it. A SQL injection vulnerability exists in version 3.4.9 of the...

WordPress Relevanssi Premium Plugin SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Relevanssi Premium plugin versions prior to 1.14.6.1. The...

CVE-2019-16309

FlameCMS 3.3.5 has SQL injection in account/login.php via accountName...

SQL Injection Vulnerability in the Frontend Web*** of Nanjing Benan's Hidden Trouble Detection and Management Information System for Work Safety Accidents v2.3

Nanjing Benan Instrumentation Systems Co., Ltd. is committed to the design and development of hardware and software products in the field of safety production. Nanjing Benan Safety Production Accident Hidden Trouble Detection and Management Information System v2.3 There exists a SQL injection...

SQL Injection Vulnerability in the Front-end of Nanjing Benan's Hidden Trouble Investigation and Management Information System for Work Safety Accidents

Nanjing Benan Instrumentation Systems Co., Ltd. is committed to the design and development of hardware and software products in the field of safety production. SQL injection vulnerability exists in the front-end of Nanjing Benan's information system for investigating and managing hidden productio...

WordPress SlickQuiz SQL Injection Vulnerability

WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Foundation.SlickQuiz is a plugin for displaying and managing nice dynamic quizzes. WordPress SlickQuiz suffers from a SQL injection vulnerability that can be exploited by attackers to execute illegal SQL...

S-CM e-commerce system aj***.php page P_sort parameter SQL injection vulnerability

S-CMS e-commerce system is an e-commerce software. S-CM e-commerce system aj.php page Psort parameter SQL injection vulnerability, an attacker can use the vulnerability to obtain sensitive information...

WordPress photo-gallery plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. photo-gallery is an image gallery plugin used in it. A SQL injection vulnerability exists in WordPress photo-gallery 10Web Photo Galle...

SQL Injection Vulnerability in FlameCMS

FlameCMS lightweight modular front-end framework for developing fast, powerful web interfaces. FlameCMS suffers from a SQL injection vulnerability that can be exploited by attackers to obtain database information...

S-CMS php version hospital website building system v1.0 SQL injection vulnerability in background aj***.php page (CNVD-2019-32865)

S-CMS php version hospital website building system is a PHP based website building system. S-CMS php version hospital website builder system v1.0 has a SQL injection vulnerability in the background aj.php page, which can be exploited by attackers to obtain sensitive information from the database...

Epignosis eFront LMS SQL Injection Vulnerability

Epignosis eFront LMS is a suite of online e-learning platforms from Epignosis, Inc. in the United States. The platform provides test building, assignment management, internal messaging, forums and online chat. A SQL injection vulnerability exists in Epignosis eFront LMS version 5.2.12 and earlier...

SQL Injection Vulnerability in the 'nrfl' Parameter of the APP Interface of Mobile Phone Letter (Mass Version)

Jiangsu Chuhuai Software Technology Development Co., Ltd. is a high-tech industry software company integrating software development, system integration and informationization construction. There is a SQL injection vulnerability in the Mobile Letter and Visit Mass Version APP, which can be exploit...