Orpak SitOmat SQL Injection Vulnerability
Orpak SitOmat is a remote takeover refueling system from Orpak India. A SQL injection vulnerability exists in Orpak SitOmat, which can be exploited by remote attackers to execute SQL commands...
Fedora Update for python-markdown2 FEDORA-2019-095c760511
The remote host is missing an update for the...
The vulnerability of the Etlas electronic document management system lies in the lack of protection for SQL query structures, which allows attackers to disclose the protected information.
The vulnerability of the Etlas electronic document management system lies in the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to gain access to protected information by entering a specially crafted SQL query into the “Process Name” field o...
The vulnerability of the Dr.Web Enterprise Security Suite, an anti-virus protection tool, lies in the lack of SQL query filtering. This allows attackers to increase their privileges.
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in the absence of SQL query filtering. Exploiting this vulnerability allows a malicious actor, who operates remotely and has no access to the application’s administrative operations via the web interface, to...
doorGets SQL Injection Vulnerability (CNVD-2019-13802)
DoorGets is a free and open source content management system. A SQL injection vulnerability exists in /doorgets/app/requests/user/modulecategoryRequest.php in doorGets 7.0. This vulnerability can be exploited by a user with remote backend administrator privileges or a user with manage...
doorGets SQL Injection Vulnerability (CNVD-2019-26507)
doorGets is a content management system (CMS). The system supports multiple languages, system backups, theme changes, etc. A SQL injection vulnerability exists in doorGets version 7.0, which can be exploited by attackers to execute illegal SQL commands...
doorGets SQL Injection Vulnerability (CNVD-2019-26504)
doorGets is a content management system (CMS). The system supports multiple languages, system backups, theme changes, etc. A SQL injection vulnerability exists in doorGets version 7.0, which can be exploited by attackers to execute illegal SQL commands...
Vulnerability of the Server: Optimizer component of the MySQL database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server: Optimizer component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH)
Exploit Title: Lavavo CD Ripper 4.20 Local Seh Exploit Date: 25.04.2019 Vendor Homepage: https://www.lavavosoftware.com Software Link: https://lavavo-cd-ripper.jaleco.com/download Exploit Author: Achilles Tested Version: 4.20 Tested on: Windows XP SP3 EN Windows 7 Sp1 x64 1.- Run python code :...
SEH Buffer Overflow Vulnerability in DVD Photo Slideshow Professional
DVD Photo Slideshow Pro is a simple, practical and powerful program for creating electronic photo albums. DVD Photo Slideshow Professional suffers from a SEH buffer overflow vulnerability. The vulnerability can be exploited to execute arbitrary code within the context of the application by failin...
[SECURITY] Fedora 29 Update: libxmlb-0.1.8-2.fc29
XML is slow to parse and strings inside the document cannot be memory mapped as they do not have a trailing NUL char. The libxmlb library takes XML source, and converts it to a structured binary representation with a deduplicated string table -- where the strings have the NULs included. This...
SQL Injection Vulnerability in phpshe v1.7 (CNVD-2019-12520)
The PHPSHE mall system combines product display, online shopping, order management, payment management, article management, customer consultation feedback and other functions, providing users with an online shopping mall construction program. phpshe v1.7 contains a SQL...
SQL injection vulnerability in ch***.asp file of Dynamic Sciences enterprise website management system
The Dynamic enterprise website management system is enterprise website source code developed with ASP + Access. There is a SQL injection vulnerability in the ch.asp file. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL injection vulnerability in the ch***.asp file of the enterprise website management system of Dynamic Science (CNVD-2019-13589)
The Dynamic enterprise website management system is enterprise website source code developed with ASP + Access. There is a SQL injection vulnerability in the ch.asp file. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in Website Building System of Ningbo Mufeng Network Technology Co.
Ningbo Mufeng Network Technology Co., Ltd. is a website design company with the core business of website construction, website production, website development, graphic design and corporate branding in Ningbo. There is a SQL injection vulnerability in the website building system of Ningbo Mufeng...
[SECURITY] Fedora 30 Update: libxmlb-0.1.8-2.fc30
XML is slow to parse and strings inside the document cannot be memory mapped as they do not have a trailing NUL char. The libxmlb library takes XML source, and converts it to a structured binary representation with a deduplicated string table -- where the strings have the NULs included. This...
Heilongjiang Yitong Network Technology Development Co., Ltd. website building system has SQL injection vulnerability
Heilongjiang Yitong Network Technology Development Co., Ltd. is an enterprise website building system. There is a SQL injection vulnerability in Heilongjiang Yitong Network Technology Development Co., Ltd. that can be exploited by attackers to obtain sensitive information from the database...
Magento SQL Injection Vulnerability
Magento is an open source PHP e-commerce system from the US company Magento. The system provides rights management, search engine, payment gateway and other functions. A SQL injection vulnerability exists in Magento, which stems from a lack of validation of externally entered SQL...
MKCMS SQL Injection Vulnerability
MKCMS is a content management system. A SQL injection vulnerability exists in MKCMS version V5.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to execute illegal SQL commands...
UBUNTU-CVE-2018-20505
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases)...