s-cms SQL Injection Vulnerability

s-cms is a content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in s-cms 3.0. A remote attacker can exploit the vulnerability by providing the '0id' parameter to the member/post.php file or POST data to the member/memberlogin.php file to log into the system...

Citrix SD-WAN and NetScaler SD-WAN SQL Injection Vulnerabilities

Citrix SD-WAN and NetScaler SD-WAN are both software-defined WAN solutions from Citrix Systems USA. The products support real-time path selection, edge routing, stateful firewalls, end-to-end Qos and WANs. A SQL injection vulnerability exists in Citrix SD-WAN and NetScaler SD-WAN, which can be...

Duomicms x3.0_UTF8_Official version of the front-end SQL injection vulnerability

DuomiCms is a video-on-demand system designed for movie and TV station owners. Duomicms x3.0UTF8official version of the front end of the vi.php file there is a SQL injection vulnerability, attackers can exploit the vulnerability to obtain database sensitive information...

ThinkPHP SQL Injection Vulnerability (CNVD-2018-21508)

ThinkPHP is an open source, lightweight PHP-based web application development framework. A SQL injection vulnerability exists in ThinkPHP version 5.1.25. A remote attacker can exploit the vulnerability to obtain data...

OwnTicket SQL Injection Vulnerability

OwnTicket is a workflow management system. A SQL injection vulnerability exists in OwnTicket version 2018-05-23. A remote attacker can exploit the vulnerability to execute arbitrary SQL commands with the help of 'showTicketId' or 'editTicketStatusId' parameters...

IBM Kenexa LCMS Premier on Cloud SQL Injection Vulnerability

IBM Kenexa LCMS Premier on Cloud is an adjustable Learning Content Management System LCMS for developing, maintaining, and delivering effective employee training from IBM USA. A SQL injection vulnerability exists in IBM Kenexa LCMS Premier on Cloud. A remote attacker could exploit the vulnerabili...

SQL Injection Vulnerability in the Management System of Official Vehicles of Organizations

Tianjin Guozhiheng Beidou Science and Technology Co., Ltd. is a computer field technology company, the company can provide the overall solution and implementation program of location information big data based on Beidou technology. There is a SQL injection vulnerability in the management system o...

S-CMS E-commerce System SQL Injection Vulnerability in Frontend

S-CMS e-commerce system is an e-commerce software. A SQL injection vulnerability exists in the frontend of S-CMS E-commerce System. An attacker can exploit the vulnerability to obtain sensitive information from the database...

SQL injection vulnerability in ShopsN open source online store full web system (CNVD-2018-22117)

ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co., Ltd. a full-featured enterprise-class commercial standards in line with the real allow free commercial use of open source online store full network system. ShopsN open source online store system has a...

SQL injection vulnerability in ShopsN open source online store full web system (CNVD-2018-22113)

ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co., Ltd. a full-featured enterprise-class commercial standards in line with the real allow free commercial use of open source online store full network system. ShopsN open source online store system has a...

PbootCMS V1.2.1 SQL Injection Vulnerability in Frontend

PbootCMS is a new core open source enterprise building system developed by Avantech. PbootCMS V1.2.1 has a SQL injection vulnerability in the frontend, which can be exploited by attackers to obtain sensitive information...

REDAXO SQL Injection Vulnerability

REDAXO is an open source Web portal content management system . The system supports custom modules , plug-in extensions , project backup and so on. A SQL injection vulnerability exists in Benutzerverwaltung in versions prior to REDAXO 5.6.4. A remote attacker can exploit this vulnerability to...

[SECURITY] Fedora 29 Update: python-markdown2-2.3.6-1.fc29

Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...

Naviwebs Navigate CMS SQL Injection Vulnerability

Naviwebs Navigate CMS is an open source content management system CMS. A SQL injection vulnerability exists in the login.php file in Naviwebs Navigate CMS version 2.8. A remote attacker can exploit the vulnerability to bypass authentication...

Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...

Zahir Enterprise Plus 6 Stack Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...

The vulnerability of the Android operating system’s component loading manager allows attackers to disclose sensitive information that is protected by security measures.

The vulnerability of the Android operating system’s component loading manager is related to insufficient protection of the SQL query structure. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information...

CVE-2018-1819

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end databas...

Multiple vulnerabilities in Denbun

Overview Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Hard-coded credentials for the configuration management page CWE-798 - CVE-2018-0681 Improper session management...

Zahir Enterprise Plus 6 Stack Buffer Overflow

This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler...