Critical Severity Vulnerabilities

28.6K CVEs classified as critical severity

Total CVEs: 28.6K
Avg CVSS: 9.8
Max CVSS: 9.8
Min CVSS: 9.8

Critical Severity CVEs

Page 798 of 1190

CVSS: 9.8 (Critical)

Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin passw...

CVSS: 9.8 (Critical)

EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.

CWE-22 · 2018

CVSS: 9.8 (Critical)

Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.

CVSS: 9.8 (Critical)

upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.

CWE-94 · 2018

CVSS: 9.8 (Critical)

An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.

CVSS: 9.8 (Critical)

admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.

CWE-89 · 2018

CVSS: 9.8 (Critical)

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files wit...

CVSS: 9.8 (Critical)

Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.

CWE-89 · 2018

CVSS: 9.8 (Critical)

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with...

CVSS: 9.8 (Critical)

The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the au...

CVSS: 9.8 (Critical)

School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb.

CWE-89 · 2018

CVSS: 9.8 (Critical)

Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.

CWE-89 · 2018

CVSS: 9.8 (Critical)

Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.

CWE-89 · 2018

CVSS: 9.8 (Critical)

Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.

CWE-89 · 2018

CVSS: 9.8 (Critical)

The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].

CWE-89 · 2018

CVSS: 9.8 (Critical)

The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.

CWE-89 · 2018

CVSS: 9.8 (Critical)

Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.

CWE-89 · 2018

CVSS: 9.8 (Critical)

Library Management System 1.0 has SQL Injection via the "Search for Books" screen.

CWE-89 · 2018

CVSS: 9.8 (Critical)

School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.

CWE-89 · 2018

CVSS: 9.8 (Critical)

School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.

CVSS: 9.8 (Critical)

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.

CWE-89 · 2018

CVSS: 9.8 (Critical)

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.

CWE-89 · 2018

CVSS: 9.8 (Critical)

An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.

CWE-89 · 2018

CVSS: 9.8 (Critical)

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.

CWE-89 · 2018