9678 matches found
SQL Injection Vulnerability in Add Parameters of Nanjing Jenohan Journal Submission System
Nanjing Jenohan Software Technology Co., Ltd. develops a hospital full-cost accounting decision support software system, a hospital performance management information system and a hospital customer management information system. An SQL injection vulnerability exists in the Add paramete...
LimeSurvey SQL Injection Vulnerability (CNVD-2015-04153)
LimeSurvey, formerly known as PHPSurveyor, is an open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution and data collection. A SQL injection vulnerability exists in the insert function in the...
SQL Injection Vulnerability in Name Parameter of Times Internet Enterprise Email System
Times Internet provides professional email services to a wide range of enterprise-level users. A SQL injection vulnerability exists in the name parameter of the webmail/login.php page in version 2.2.5 of Times Internet's enterprise email system. It allows attackers to...
Cisco IM and Presence Service SQL Injection Vulnerability
Cisco IM and Presence Service provides enterprise-class instant messaging and network presence services. Cisco IM and Presence Service fails to properly validate user input within a SQL query, which can be exploited by an authenticated, remote attacker to read, modify, or delete entries within...
Multiple SQL Injection Vulnerabilities in Eproductsurf
Eproductsurf is a suite of web design, web development and online marketing solutions from Eproductsurf UAE. Eproductsurf suffers from multiple SQL injection vulnerabilities that stem from the program's failure to adequately filter user-submitted input before constructing SQL query statements. An...
SQL Injection Vulnerability in the type parameter of Haitian OA System/ZhuanTi/DocMain.asp Page
The Haitian OA network office system is general-purpose network office software for enterprises and institutions. The system adopts the leading B/S (browser/server) mode of operation, so that the network office is not subject to geographical restrictions. A SQL injection vulnerabili...
Drupal Novalnet Payment - Ubercart Module SQL Injection Vulnerability
Drupal is a free and open source content management system developed in PHP. Novalnet Payment is a payment module. A SQL injection vulnerability exists in the Drupal Novalnet Payment - Ubercart module due to the program failing to adequately filter user-supplied input. The vulnerability allows...
SysAid Help Desk SQL Injection Vulnerability
SysAid Help Desk is a suite of Web-based IT management software. A SQL injection vulnerability in multiple scripts in SysAid Help Desk allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...
WordPress NewStatPress Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language that supports setting up personal blog sites on PHP and MySQL servers. NewStatPress is a plugin for website access statistics management. WordPress NewStatPress suffers from a SQL injection vulnerability that allows remote...
Multiple SQL Injection Vulnerabilities in WordPress GigPress Plugin 'handlers.php'
WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases. GigPress is a real-time gig listing and management plugin for musicians and other performers. Multiple SQL injection vulnerabilities exis...
Multiple Cross-Site Request Forgery Vulnerabilities in osCMax
osCMax is a PHP-based open source e-commerce system/shopping cart application that supports multi-language, SSL-secured transactions, multiple payment methods, regional shipping conversion, printing invoices and more. Multiple cross-site request forgery vulnerabilities exist in versions of osCMax...
WordPress Plugin WP Symposium 'forum.php' SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language; users can set up their own weblogs on servers that support PHP and MySQL databases. The WP Symposium plugin for WordPress is an application plugin for WordPress. A SQL injection vulnerability exists in the WP Symposium plugin for...
EMC Document Sciences xPression SQL Injection Vulnerability
EMC Document Sciences is a customer communications management solution. A SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression versions 4.2, 4.5 SP1 can be exploited by remote attackers to access or modify information on an affected system by executing SQL comman...
SQL Injection Vulnerability in Engineering Quality Supervision Platform of Zhuhai Xinhua Tong Software Co.
A SQL injection vulnerability exists in the Supervision Platform of Zhuhai Xinhua Tong Software Co. An attacker can exploit this vulnerability to obtain sensitive database information...
AlienVault OSSIM Plugin ID SQL Injection Vulnerability
AlienVault OSSIM, or Open Source Security Information Management, is a popular open source security management system. A SQL injection vulnerability exists in the way AlienVault OSSIM handles the NBE Plugin ID, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to...
Novell ZENworks 'ScheduleQuery' Method SQL Injection Vulnerability
Novell ZENworks is a suite of software that supports automated IT management and business process management across resources within an organization. A SQL injection vulnerability in the 'ScheduleQuery' method of the schedule class in Novell ZENworks allows remote attackers to submit specially...
Drumbeat CMS SQL Injection Vulnerability
Drumbeat CMS is a hosted content management system (CMS) for SMEs from Drumbeat Australia. The system supports FTP transfer of files, user management and more. A SQL injection vulnerability exists in the index02.php file in Drumbeat CMS, which stems from the program failing to adequately filter...
Tenmiles Helpdesk Pilot Knowledge Base Plugin SQL Injection Vulnerability
Tenmiles Helpdesk Pilot is a web-based helpdesk and customer support software from Tenmiles India that provides remote assistance, problem management, customer management, etc. Knowledge Base is one of the knowledge base plug-ins. A SQL injection vulnerability exists in the Tenmiles Helpdesk Pilo...
Easy Travel Portal SQL Injection Vulnerability
Easy Travel Portal is a set of ASP-based travel management applications. A SQL injection vulnerability exists in Easy Travel Portal, which arises from the program failing to adequately filter user-submitted input before constructing SQL query statements. An attacker could use this vulnerability t...
Joomla! 'com_tpjobs' component 'id_c[]' parameter SQL injection vulnerability
Joomla! is an open source content management system. A SQL injection vulnerability exists in the 'id_c[]' parameter of the 'com_tpjobs' component of Joomla! because the program fails to adequately filter SQL queries before they are used, allowing an attacker to compromise the application, access or...