[Product Description]
Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. A user who supplies a SQL injection payload in the User Name textbox could collect all passwords, in encrypted format, from the Microsoft SQL Server component.
------------------------------------------
[Vulnerability Type]
SQL Injection
------------------------------------------
[Vendor of Product]
Wealth Management System Limited
[Product Description]
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. A user who is
attacked through this vulnerability is forced to modify their enrolled information, such as email and mobile phone,
unintentionally. As a consequence, an attacker could use the reset password function and cause the system to send the
authentication code to a channel that the attacker owns.
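
A server-side check that closes the chain described above, as an added example that is not code from this advisory or from ADSelfService Plus: a change to the enrolled email or mobile number is applied only when the request is same-origin and carries a CSRF token bound to the user's session. The function names, the in-memory profile store, the key handling and the sample values are all hypothetical.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; a real deployment loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)

# Constructed sample data: one enrolled user and their recovery channels.
PROFILES = {"alice": {"email": "alice@corp.example", "mobile": "+10000000001"}}


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in the profile form. It is derived from the session,
    so a third-party page cannot guess it or reuse one from another session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def update_enrollment(session_id, user, form, allowed_origin, origin_header):
    """Apply an email/mobile change only for a same-origin request that
    carries the session's CSRF token. Returns (status_code, message)."""
    # A cross-site form post rides on the victim's cookie but has a foreign Origin.
    if origin_header != allowed_origin:
        return 403, "origin rejected"
    expected = issue_csrf_token(session_id)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison on bytes avoids leaking the token via timing.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "csrf token missing or invalid"
    # Only the recovery-channel fields are writable through this handler.
    changed = {k: form[k] for k in ("email", "mobile") if k in form}
    PROFILES[user].update(changed)
    return 200, "updated: " + ",".join(sorted(changed))
```
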
------------------------------------------
[Vulnerability Type]
Cross Site Request Forgery (CSRF)