Lucene search
358 matches found

NVD
added 2018/04/26 2:29 p.m., 12 views

CVE-2017-1722

IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811...

CVSS 6.5 | AI score 6.6 | EPSS 0.00219
Exploits: 0 | References: 2

Cvelist
added 2018/02/22 7:0 p.m., 12 views

CVE-2018-1414

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820...

AI score 8.7 | EPSS 0.00615
Exploits: 0 | References: 3

OpenVAS
added 2018/01/30 12:0 a.m., 66 views

MariaDB Access Bypass Vulnerability - Windows

MariaDB is prone to an access bypass vulnerability. CPE: cpe:/a:mariadb:mariadb...

CVSS 8.8 | AI score 9.3 | EPSS 0.00549
Exploits: 0 | References: 3

Cvelist
added 2017/12/20 6:0 p.m., 13 views

CVE-2017-1757

IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858...

AI score 8.6 | EPSS 0.01075
Exploits: 0 | References: 3

Exploit DB
added 2017/12/18 12:0 a.m., 37 views

Outlook for Android - Attachment Download Directory Traversal

There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for other accounts it will not be. This allows a file ...

AI score 7.4
Exploits: 0

NVD
added 2017/12/11 9:29 p.m., 14 views

CVE-2017-1606

IBM Financial Transaction Manager FTM for Multi-Platform MP 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:...

CVSS 8.8 | AI score 8.7 | EPSS 0.00572
Exploits: 0 | References: 3

0day.today
added 2017/11/28 12:0 a.m., 30 views

Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download Exploit

There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written to anywhere on the filesystem that the Gma...

AI score 6.9
Exploits: 0

exploitpack
added 2017/11/28 12:0 a.m., 17 views

Android Gmail 7.11.5.176568039 - Directory Traversal in Attachment Download

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1342
There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment...

AI score 0.1
Exploits: 0

CNVD
added 2017/08/04 12:0 a.m., 1 view

LMS King Professional Component SQL Injection Vulnerability in Joomla!

Joomla! is an open source, cross-platform content management system developed using PHP and MySQL. A SQL injection vulnerability exists in the cpid parameter in Joomla! LMS King Professional, which can be exploited by attackers to access or modify database data...

AI score 8.1
Exploits: 0 | References: 1

OSV
added 2017/07/17 1:18 p.m., 14 views

CVE-2017-1000004

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend...

CVSS 9.8 | AI score 7.9
Exploits: 0 | References: 3

NVD
added 2017/07/17 1:18 p.m., 9 views

CVE-2017-1000004

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend...

CVSS 9.8 | AI score 9.8 | EPSS 0.02075
Exploits: 0 | References: 3

Prion
added 2017/07/17 1:18 p.m., 12 views

SQL injection

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend...

CVSS 7.5 | AI score 9.7 | EPSS 0.02075
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2017/07/13 8:0 p.m., 41 views

CVE-2017-1000004

CVE-2017-1000004 affects ATutor versions 2.2.1 and earlier, with a SQL injection vulnerability across multiple components (Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossa...

CVSS 9.8 | AI score 9.7 | EPSS 0.02075
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2017/07/13 8:0 p.m., 12 views

CVE-2017-1000004

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend...

AI score 9.8 | EPSS 0.02075
Exploits: 0 | References: 3

CNVD
added 2017/07/01 12:0 a.m., 3 views

Logical design flaws in mallbuilder e-commerce system

MallBuilder is a multi-user online shopping mall solution based on PHP + MYSQL. A logical design vulnerability exists in the mallbuilder e-commerce system. An attacker can exploit this vulnerability to modify database information...

AI score 6.9
Exploits: 0

CNVD
added 2017/06/23 12:0 a.m., 0 views

Unauthorized operation vulnerability in 74cms frontend

74cms knight cms is a PHP-based open source professional talent system. 74cms has an override access vulnerability. Attackers can use the vulnerability to modify database information...

AI score 6.9
Exploits: 0

CNVD
added 2017/06/20 12:0 a.m., 1 view

Arbitrary File Deletion Vulnerability in the Latest Version of Microgaming

Microspring is a free and open source public number management system developed by Cebu Tao Sheng Network Technology Co. There is an arbitrary file deletion vulnerability in the latest version of Weixing, which can be exploited by an attacker to modify any database information...

AI score 7
Exploits: 0

Veracode
added 2017/06/05 9:3 a.m., 16 views

Unauthorised Modification

Moodle is vulnerable to unauthorised modifications. A malicious user can bypass an activity's read-only state by using the student role and modify the database...

CVSS 5.5 | AI score 6.1 | EPSS 0.0017
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2017/03/07 12:0 a.m., 1 view

GPS Tools Component SQL Injection Vulnerability in Joomla!

Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. The system provides RSS feeds, site search and other functions. A SQL injection vulnerability exists in the Joomla GPS Tools component. An attacker can exploit the vulnerability t...

AI score 7.9
Exploits: 0 | References: 1

Cvelist
added 2017/03/01 9:0 p.m., 16 views

CVE-2016-9993

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1992067...

AI score 7.1 | EPSS 0.00164
Exploits: 0 | References: 1