303 matches found
Apache Fineract SQL Injection Vulnerability (CNVD-2018-08693)
Apache Fineract is an open source digital financial services platform from the Apache Software Foundation in the United States. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. An SQL injection...
Alexandria Book Library component SQL injection vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the U.S. The system provides RSS feeds, site search and other features. The Alexandria Book Library component is one of its data management components. A SQL injection vulnerability exists in...
Slack: HTML Injection inside Slack promotional emails
Hi, there's an HTML injection vulnerability present inside emails sent from Slack when the FIRST name on the account contains HTML. The HTML is stored in the backend database and when emails are sent (promotional, etc.), the HTML is sent along with the rest of the email. In my PoC, which is provided...
Joomla! PrayerCenter SQL Injection Vulnerability
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the U.S. The system provides RSS feeds, site search, etc. PrayerCenter is one of its prayer sharing components. A SQL injection vulnerability exists in Joomla! PrayerCenter version 3.0.2. ...
Trend Micro Email Encryption Gateway SQL Injection Vulnerability (CNVD-2018-04494)
Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway (TMEEG) is one of the gateway products that provides data protection. A SQL injection vulnerability exists in the search configuration script in Trend...
IBM Security Key Lifecycle Manager SQL Injection Vulnerability
IBM Security Key Lifecycle Manager (formerly known as Tivoli Key Lifecycle Manager) is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A SQL injection vulnerability exists ...
CVE-2017-1757
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858...
CVE-2017-1311
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719...
U.S. Dept Of Defense: Able to view Backend Database due to improper authentication
Vulnerable domain: https://█████████ Endpoint: https://█████████/schema/columns.byTable.html Description: When you visit the above endpoint you will get all the backend database. It's a critical vulnerability and should be patched as soon as possible. Let me know if you want any more details. Find t...
CVE-2017-1269
IBM Security Guardium 10.0 and 10.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 124744...
IBM Security Guardium SQL Injection Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes easy UI customization, report management and discovery and a streamlined audit process builder. An SQL injection vulnerability exists in IBM Security...
IBM Maximo Asset Management SQL Injection Vulnerability (CNVD-2017-21753)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. An SQL injectio...
IBM Sterling B2B Integrator SQL Injection Vulnerability
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A SQL injection vulnerability exists in IBM Sterling B2B...
IBM Kenexa LCMS Premier on Cloud SQL Injection Vulnerability
IBM Kenexa LCMS Premier on Cloud is an adjustable Learning Content Management System (LCMS) for developing, maintaining, and delivering effective employee training from IBM USA. IBM Kenexa LCMS Premier on Cloud suffers from a SQL injection vulnerability that could allow a remote attacker to view,...
IBM Kenexa LCMS Premier on Cloud SQL Injection Vulnerability (CNVD-2017-02716)
IBM Kenexa LCMS Premier on Cloud is an adjustable Learning Content Management System (LCMS) for developing, maintaining, and delivering effective employee training from IBM USA. IBM Kenexa LCMS Premier on Cloud suffers from a SQL injection vulnerability that could allow a remote attacker to view,...
CVE-2016-9993
IBM Kenexa LCMS Premier on Cloud 9.0 and 10.0.0 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference: 1992067...
CVE-2016-8929
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...
CVE-2016-5952
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...
CVE-2016-5939
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...
CVE-2016-3046
IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database...