77 matches found
Computrols CBAS Web SQL Injection Vulnerability
CBAS Web is a Web-based building management system BMS from Computrols. A SQL injection vulnerability exists in Computrols CBAS Web. The vulnerability stems from improper validation of parameters passed to different scripts. A remote authenticated attacker could exploit the vulnerability to execu...
Heilongjiang Yitong Network Technology Development Co., Ltd. website building system has SQL injection vulnerability
Heilongjiang Yitong Network Technology Development Co., Ltd. is an enterprise website building system. There is a SQL injection vulnerability in Heilongjiang Yitong Network Technology Development Co., Ltd. that can be exploited by attackers to obtain sensitive information from the database...
Azure DevOps Server Elevation of Privilege Vulnerability
Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as sharing code, work tracking, and software distribution. An elevation of privilege vulnerability exists in Microsoft Azure DevOps Server 2019,...
Netartmedia PHP Dating Site - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia Php Dating Site - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/datingsite/ Demo Site: https://www.phpscriptdemos.com/dating/ Version: Lastest Tested on: Kali Linux CVE:...
Netartmedia PHP Dating Site SQL Injection
Exploit Title: Netartmedia Php Dating Site - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/datingsite/ Demo Site: https://www.phpscriptdemos.com/dating/ Version: Lastest Tested on: Kali Linux CVE: N/A Description: PHP Dating Site is ...
Netartmedia PHP Dating Site - SQL Injection
Netartmedia PHP Dating Site - SQL Injection Exploit Title: Netartmedia Php Dating Site - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/datingsite/ Demo Site: https://www.phpscriptdemos.com/dating/ Version: Lastest Tested on: Kali Lin...
Netartmedia PHP Dating Site - SQL Injection
Exploit Title: Netartmedia Php Dating Site - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/datingsite/ Demo Site: https://www.phpscriptdemos.com/dating/ Version: Lastest Tested on: Kali Linux CVE: N/A Description: PHP Dating Site is ...
Directory Traversal Vulnerability in NetSoft Zhicheng Classifieds Website System
NetSoft Zhicheng classifieds website system is a php mysql based website building system. NetSoft Zhicheng classifieds website system has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information...
Security Bulletin: ClearQuest Web parameter tampering to elevated privileges (CVE-2012-2164)
Summary The IBM Rational ClearQuest Web client is subject to an elevated privileges attack. This allows an attacker to access the Site Administration menu. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more...
Sony: Remote Code Execution (RCE) in a Sony Pictures WebSystem
⠀...
Stored Cross-Site Scripting Vulnerability in DocCMS
Rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. DocCMS 2016 version of a stored cross-si...
SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System Type Parameter
Hanchao B2B2C multi-user mall system is a PHP multi-user mall website system source code developed in PHP + MySQL. Hanchao B2B2C multi-user mall system type parameter SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...
SemCms asp version search box has SQL injection vulnerability
SemCms is a set of open source foreign trade enterprise website management system, mainly used for foreign trade enterprises, compatible with IE, Firefox and other mainstream browsers.SemCms using php and vb language writing, combined with apache or iis running. SemCms asp version of the search b...
CVE-2016-9012
CloudVision Portal CVP before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle...
CVE-2016-9012
CloudVision Portal CVP before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle...
CVE-2016-8343
Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors...
yiqicms system product-add.php has arbitrary file upload vulnerability
Yiqicms is the first marketing enterprise website system completely based on SEO-friendly development, using PHP+Mysql open source building system. Yiqicms 1.8 version of the background there are arbitrary file upload vulnerability. Allow attackers to exploit the vulnerability can upload any file...
MetInfo Cross-Site Scripting Vulnerability
MetInfo is an enterprise website management system with PHP Mysql architecture. MetInfo suffers from a cross-site scripting vulnerability. Allow attackers to insert malicious code, obtain user cookies, etc...
WEBSQUARE JOB-CUBE -JOB WEB SYSTEM and -JOB WEB SYSTEM High Income Cross-Site Scripting Vulnerabilities
WEBSQUARE JOB-CUBE -JOB WEB SYSTEM and -JOB WEB SYSTEM High Income are both web site construction systems from WEBSQUARE Japan. A cross-site scripting vulnerability exists in WEBSQUARE JOB-CUBE -JOB WEB SYSTEM versions prior to 1.2.2 and -JOB WEB SYSTEM High Income versions 1.0.6 and prior. A...
CVE-2016-1144
Cross-site scripting XSS vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...