Damon Database Vulnerability for Overstepping Authority and Tampering with Data
DM7 is a new-generation database product designed by Damon on the basis of summarizing the R&D and application experience of DM series products, absorbing the advantages of mainstream database products, and adopting JAVA-like virtual machine technology. DM7 database has the vulnerability of...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the main page; (2) the beanReference parameter to the JavaBean viewer page; or (3) the pyTableName to the System database schema...
CVE-2017-11355
Pegasystems PEGA Platform 7.2 ML0 and earlier are affected by multiple XSS vulnerabilities (CVE-2017-11355) allowing remote attackers to inject arbitrary scripts via PATH_INFO, the JavaBean viewer beanReference, or pyTableName on the System database schema modification page; CVE-2017-11356 also a...
PEGA Platform 7.2 ML0 - Missing Access Control Cross-Site Scripting
PEGA Platform 7.2 ML0 - Missing Access Control Cross-Site Scripting Summary ======= 1. Missing access control CVE-2017-11356 2. Multiple cross-site scripting CVE-2017-11355 Vendor ====== "Pegasystems Inc. is the leader in software for customer engagement and operational excellence. Pega’s adaptiv...
SQL Injection Vulnerability in Jiangnan Keyou HAC Bastion Machine
Jiangnan Keyou Operation and Maintenance Security Audit System HAC is used to solve critical IT infrastructure operation and maintenance security problems. It is capable of performing secure and effective operation audits on Unix and Windows hosts, servers, as well as data access on networks and...
HP/HPE/Micro Focus Universal CMDB Detection (HTTP)
HTTP based detection of HP/HPE/Micro Focus Universal CMDB. Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...
NETRUN VPN Internet Behavior Management Router SQL Injection Vulnerability
NetRun is currently a domestic network terminal equipment and application provider. NetRun's products cover Internet access, secure VPN virtual private network, Internet behavior management, cellular broadband access, professional traffic control, billing management system and so on. SQL injectio...
Design/Logic Flaw
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656...
CVE-2015-4305
Cisco Prime Collaboration Assurance before 10.5.1.53684-1 contains an information-disclosure vulnerability in the web framework where authenticated, remote attackers can bypass read restrictions via a crafted URL to obtain credentials and SNMP community strings for devices imported into the syste...
Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to access information about any device imported into the system database. The vulnerability is due to improper implementation of authorization and access controls. An attacker...
Fedora Update for bugzilla FEDORA-2013-19480
Check for the Version of bugzilla. OpenVAS Vulnerability Test. Fedora Update for bugzilla FEDORA-2013-19480. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for bugzilla FEDORA-2012-11324
Check for the Version of bugzilla. OpenVAS Vulnerability Test. Fedora Update for bugzilla FEDORA-2012-11324. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
phpBugTracker < 0.9.1 - Multiple Vulnerabilities
phpBugTracker Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracker Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear that the $bugid variable is passed into the...