Harbin Youyang Technology Co., Ltd. website building system has SQL injection vulnerabilities

Harbin Youyang Technology Co., Ltd. is an Internet application technology and consulting service provider. There is a SQL injection vulnerability in the website building system of Harbin YouYang Technology Co., Ltd, which can be exploited by attackers to obtain sensitive information...

WordPress FV Flowplayer Video Player SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.FV Flowplayer Video Player is a video player plugin used in it. A SQL injection vulnerability exists in WordPress FolioVisio...

SQL Injection Vulnerability in Xiamen Phoenix Chuangyi Software Co.

Phoenix Chuangyi software development teaching and training software, providing vivid image of three-dimensional interactive teaching, for the construction of high-quality professional schools, innovative teaching mode and teaching content to provide a powerful support platform. Xiamen Phoenix...

Hubei Yibaitian Network Media Co., Ltd. website builder system has SQL injection vulnerability

YBTS Network Media operates computer software and hardware R&D business and Internet data business in Shanghai Telecom's Caobao Road/Wai Gao Qiao/Wusheng Road and other national server rooms. Hubei YBTS Network Media Co., Ltd. website building system has SQL injection vulnerability, attackers can...

CVE-2019-7003

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions...

SQL Injection Vulnerability in Normandy Technology Website Building System

Zhongshan Normandy Information Technology Co., Ltd. is a service organization that provides network informatization for enterprises and institutions. Normandy Technology website building system has SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information in...

Trape SQL Injection Vulnerability (CNVD-2019-22230)

Trape is a suite of open source Internet tracking and identification tools. The tool is capable of remotely identifying sessions and simulating phishing attacks. A SQL injection vulnerability exists in Trape 2019-05-08 and prior versions. The vulnerability stems from a lack of validation of...

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

SQL Injection Vulnerability in AIT CMS

Hainan Zanzan Network Technology Co., Ltd. is a professional website construction, network services, operation technology output network company in the industry. There is a SQL injection vulnerability in AIT CMS, which can be exploited by attackers to obtain sensitive database information...

SQL Injection Vulnerability in Zhongyan Ruihua Video Surveillance Management Platform

Ningbo Zhongyan Ruihua Digital Technology Co., Ltd former Oriental Ruihua develops and sells "RUIHUA" Ruihua 3G wireless video surveillance, cell phone video surveillance, wireless data transmission, software development and other series of products. A SQL injection vulnerability exists in Ruihua...

SQL Injection Vulnerability in Beijing Night Cat Website Building System

Beijing Nightcats Tiancheng Network Technology Co., Ltd referred to as Nightcats Network, is a professional website design and website construction service provider. There is a SQL injection vulnerability in Beijing Nightcats website building system, which can be exploited by attackers to obtain...

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

CSZ CMS SQL Injection Vulnerability

CSZ CMS is a PHP-based open source content management system CMS. A SQL injection vulnerability exists in the core/MYSecurity.php file in CSZ CMS version 1.2.2 prior to 2019-06-20. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based application...

SQL Injection Vulnerability in Enterprise Side Internet Integrated Management Platform

Beijing Yahong Century Technology Development Co., Ltd. is a technology company specializing in Internet spatial data governance, network and information security and data value-added solutions and services. An SQL injection vulnerability exists in the Enterprise Side Internet Integrated Manageme...

CVE-2019-7232

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler SEH address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to...

CVE-2019-7232

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler SEH address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to...

Buffer overflow

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler SEH address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to...

CVE-2019-7232

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler SEH address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to...

Dutch Auction Factory Component SQL Injection Vulnerability in Joomla!

Joomla! is a U.S. Open Source Matters team using PHP and MySQL development of a set of open source, cross-platform content management system CMS. Dutch Auction Factory is used in one of the auction site to create extensions . A SQL injection vulnerability exists in the Dutch Auction Factory...

Apache Fineract SQL Injection Vulnerability (CNVD-2019-19050)

Apache Fineract is a set of open source digital financial services platform of the U.S. Apache Apache Software Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. An SQL injection vulnerability...