1308 matches found
CVE-2016-0299
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID: 111382...
CVE-2016-0299
IBM TRIRIGA Application Platform is vulnerable in versions 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1, where remote attackers can disclose sensitive information via vectors involving a database query executed through crafted HTTP/SOAP requests. The issue stems from information dis...
CVE-2017-17420
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method requests. The issue...
Event Manager SQL Injection Vulnerability
Event Manager is a PHP-based event management script. A SQL injection vulnerability exists in Event Manager version 1.0. A remote attacker can inject SQL commands by sending the 'id' parameter to the event.php file or the 'slug' parameter to the page.php file...
CVE-2018-6363
SQL Injection exists in Task Rabbit Clone 1.0 via the singleblog.php id parameter...
Zenario SQL Injection Vulnerability
Zenario is a web-based content management system for multilingual websites. A SQL injection vulnerability exists in Zenario versions 7.1 through 7.6. A remote attacker can exploit this vulnerability to execute malicious SQL commands with the help of the 'Name' input field in the organizer.php or...
Code execution vulnerability in DedeCMS V5.7 SP2 dede/sys_sql_query.php file
DedeCMS (the "Weaving Dream" content management system) is an open-source PHP website management system. A code execution vulnerability exists in the DedeCMS V5.7 SP2 dede/sys_sql_query.php file. An attacker can obtain a webshell by executing a SQL statement and writing a one-sentence Trojan...
JEXTN Question And Answer extension SQL Injection Vulnerability
Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; it provides RSS feeds, site search and other functions. JEXTN Question And Answer extension is one of its online question-and-answer plug-ins. A SQL injection vulnerability...
SQL Injection Vulnerability in ThinkLC V3.5 Classified Information System tops.php Page
ThinkLC Classified Information System is a local classified information system built with PHP and MySQL. A SQL injection vulnerability exists in the ThinkLC V3.5 Classified Information System tops.php page due to the program failing to adequately filter user-supplied input. An attacker can...
Quest NetVault Backup SQL Injection Vulnerability
Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability in the handling of NVBUBackup JobList method requests in Quest NetVault Backup versions prior to 11.4.5 stems from the program's failure to properly detect user-submitted strings prior...
CVE-2017-17695
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter...
FS Makemytrip Clone SQL Injection Vulnerability
FS Makemytrip Clone is a PHP and MySQL based vacation and travel booking system. A SQL injection vulnerability exists in FS Makemytrip Clone version 1.0. A remote attacker can inject SQL commands by sending the 'florig' or 'fldest' parameter to the show-flight-result.php file...
Weblate: Audit log validation
Issue: For the docker image (git clone https://github.com/WeblateOrg/docker.git weblate-docker), the IP address in the audit log in the user's profile and in the administration console can be forged using the X-Forwarded-For header during the login process. This does not affect...
ZOHO ManageEngine Applications Manager SQL Injection Vulnerability (CNVD-2017-37247)
ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions from the U.S. company ZOHO (ZhuoHao). The product provides application performance management, fault management, report generation, SLA management and other functions. A SQL injection...
Huawei UMA Product SQL Injection Vulnerability
Huawei UMA Unified Maintenance Audit is a unified audit system. It provides a unified O&M operation portal to control and record the O&M operations performed by users, and supports auditing by command view and video playback. A SQL injection vulnerability exists in the Huawei UMA product, as the...
Shareet - Photo Sharing Social Network SQL Injection Vulnerability
Shareet - Photo Sharing Social Network is a social networking system with photo sharing features. A SQL injection vulnerability exists in Shareet - Photo Sharing Social Network version 1.0. The vulnerability can be exploited by remote attackers to inject SQL commands using the 'photo' parameter...
Mailing List Manager Pro SQL Injection Vulnerability
Mailing List Manager Pro is an email marketing system. The system features mailing list building, address book editing and autoresponders. A SQL injection vulnerability exists in Mailing List Manager Pro version 3.0. A remote attacker can exploit the vulnerability by sending SQL injection command...
CVE-2017-15966
The Zh YandexMap aka comzhyandexmap component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php...
Action Pack contains database-query restrictions bypass
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to...
GHSA-HGPP-PP89-4FGF Action Pack contains database-query restrictions bypass
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to...