1140 matches found
SQL injection vulnerability in news.htm?id=parameter of distance learning platform of Shenzhen Tengchuang Network Technology Co.
Tengchuang Internet Distance Education Platform is centered on real-time interactive online classroom, combining powerful functions such as courseware on demand, course transaction, online payment and online examination to build a perfect online knowledge transaction platform for students and...
Apache Ranger SQL Injection Vulnerability
Apache Ranger is a set of architectures for implementing comprehensive security measures for Hadoop clusters, providing centralized security policy management for core enterprise security requirements such as authorization, billing and data protection. Apache Ranger suffers from a SQL injection...
SQL Injection Vulnerability in Image Archiving and Transmission System of Infidel Software (Shanghai) Co.
Infidel Software Shanghai Co., Ltd. image archiving and transmission system is a set of software about medical image archiving and transmission. An SQL injection vulnerability exists in the Image Archiving and Transfer System of Infinera Software Shanghai Co. Ltd, which can be exploited by an...
Cisco Cloud Network Automation Provisioner SQL Injection Vulnerability
Cisco Cloud Network Automation Provisioner is a suite of cloud network automation provisioning software. A SQL injection vulnerability exists in Cisco Cloud Network Automation Provisioner, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to...
Trend Micro Email Encryption SQL Injection Vulnerability
Trend Micro Email Encryption is a suite of identity-based email encryption solutions, and Trend Micro Email Encryption Gateway is one of the gateway products that provides data protection. A SQL injection vulnerability exists in the authentication feature of Trend Micro Email Encryption, which...
Generalized SQL Injection Vulnerability in Beijing Zixin Newspaper Communication Technology Digital Newspaper System
Beijing Purple New Digital Newspaper System is a perfect, efficient, stable, reliable, flexible and scalable digital workflow management system for combined editions. A generic SQL injection vulnerability exists in the Beijing Purple New Newspaper Technology Digital Newspaper System, which allows...
BlackBerry Enterprise Service Management Console SQL Injection Vulnerability
BlackBerry Enterprise Service is a next-generation mobile device management platform. A SQL injection vulnerability exists in the Management Console component of BlackBerry Enterprise Service, which could be exploited by remote attackers to submit specially crafted SQL queries to manipulate or...
CMS system of Yingkou Aisda Computer Information Network Co., Ltd. suffers from sql injection vulnerability
Yingkou Aisda Computer Information Network Co., Ltd CMS system is a content management system. The product suffers from a sql injection vulnerability, which can be exploited by an attacker to obtain sensitive database information...
Yeager SQL Injection Vulnerability (CNVD-2016-01401)
Yeager is an open source content management system . Yeager has a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
Overview EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
WordPress eshop plugin SQL injection vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. eShop is one of the online store plugins. A SQL injection vulnerability exists in the WordPress eshop plugin, which allows remote attackers to exploit the vulnerability to submit specially...
Cacti SQL Injection Vulnerability (CNVD-2016-00352)
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. Cacti suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to manipulate or obtain database data...
SQL Injection Vulnerability in 'roleName' Parameter of Founder Xiangyu CMS System
Founder Xiangyu CMS system is a full-process management platform for website information release. A SQL injection vulnerability exists in the Founder Xiangyu CMS system. The lack of filtering of the 'roleName' parameter allows attackers to exploit the vulnerability to obtain sensitive database...
Samba Information Disclosure Vulnerability
Samba is a set of programs that implement the SMB Server Messages Block protocol, cross-platform file sharing and print sharing services. An information disclosure vulnerability exists in Samba versions 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3. Due to the length of the error...
Multiple Vulnerabilities in GCMS 2005 of Beijing Guangdu Qimin Information Technology Co.
Ltd. Speed Sword 2005 GCMS is a portal creation and management system that integrates content management system, multi-site management and page display. SQL injection and cross-site scripting vulnerabilities exist in GCMS. An attacker can exploit the vulnerabilities to obtain sensitive database...
Accentis 'SIDX' Parameter SQL Injection Vulnerability
Accentis is a suite of management software for ERP, CRM, payroll, production and inventory management. Accentis fails to properly filter the 'SIDX' parameter, allowing remote attackers to exploit the vulnerability to submit specially crafted SQL query operations or obtain database data...
SQL Injection Vulnerability in RuvarOA Collaboration Office Platform of Guangzhou Luhua Computer Co.
Guangzhou Luhua Computer Co., Ltd RuvarOA collaborative office platform is a kind of enterprise office system. The product /DepartmentPlan/departmentplanattachdownload.aspxsysfilestorageid= there is a SQL injection vulnerability, the vulnerability parameter is sysfilestorageid, the type of GET...
SQL Injection Vulnerability in the Webid Parameter of the Hot.aspx Page of the Online Query System of Shanghai Caixa Science and Technology Development Corporation's Kefa...
Shanghai Cai Da Science and Technology Development Corporation Kofa online query system is a comprehensive query system for financial information. The product has a SQL injection vulnerability, the vulnerability URL is: /hot.aspx?mid1=&mid2=&webid=, the vulnerability parameter is webid, the...
Open-Xchange OX Guard SQL Injection Vulnerability
Open-Xchange OX Guard is a security suite for email and documents. A SQL injection vulnerability exists in the public key discovery API calls of Open-Xchange OX Guard, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain...
Symantec Web Gateway SQL Injection Vulnerability (CNVD-2015-06066)
Symantec Web Gateway is a suite of web content filtering software. The software provides web content filtering and data leakage protection. A SQL injection vulnerability exists in Symantec Web Gateway, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL...