| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. |
| EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement. |
| mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. |
| An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). |
| BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. |
| BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. |
| The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems. |
| Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results. |
| DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. |
| Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. |
| Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field. |
| In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password. |
