Generalized SQL Injection Vulnerability in Beijing Zixin Newspaper Communication Technology Digital Newspaper System

Beijing Purple New Digital Newspaper System is a perfect, efficient, stable, reliable, flexible and scalable digital workflow management system for combined editions. A generic SQL injection vulnerability exists in the Beijing Purple New Newspaper Technology Digital Newspaper System, which allows...

BlackBerry Enterprise Service Management Console SQL Injection Vulnerability

BlackBerry Enterprise Service is a next-generation mobile device management platform. A SQL injection vulnerability exists in the Management Console component of BlackBerry Enterprise Service, which could be exploited by remote attackers to submit specially crafted SQL queries to manipulate or...

CMS system of Yingkou Aisda Computer Information Network Co., Ltd. suffers from sql injection vulnerability

Yingkou Aisda Computer Information Network Co., Ltd CMS system is a content management system. The product suffers from a sql injection vulnerability, which can be exploited by an attacker to obtain sensitive database information...

Yeager SQL Injection Vulnerability (CNVD-2016-01401)

Yeager is an open source content management system . Yeager has a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

EC-CUBE plugin "Help plug-in" vulnerable to SQL injection

Overview EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

WordPress eshop plugin SQL injection vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. eShop is one of the online store plugins. A SQL injection vulnerability exists in the WordPress eshop plugin, which allows remote attackers to exploit the vulnerability to submit specially...

Cacti SQL Injection Vulnerability (CNVD-2016-00352)

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. Cacti suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to manipulate or obtain database data...

SQL Injection Vulnerability in 'roleName' Parameter of Founder Xiangyu CMS System

Founder Xiangyu CMS system is a full-process management platform for website information release. A SQL injection vulnerability exists in the Founder Xiangyu CMS system. The lack of filtering of the 'roleName' parameter allows attackers to exploit the vulnerability to obtain sensitive database...

Samba Information Disclosure Vulnerability

Samba is a set of programs that implement the SMB Server Messages Block protocol, cross-platform file sharing and print sharing services. An information disclosure vulnerability exists in Samba versions 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3. Due to the length of the error...

Multiple Vulnerabilities in GCMS 2005 of Beijing Guangdu Qimin Information Technology Co.

Ltd. Speed Sword 2005 GCMS is a portal creation and management system that integrates content management system, multi-site management and page display. SQL injection and cross-site scripting vulnerabilities exist in GCMS. An attacker can exploit the vulnerabilities to obtain sensitive database...

Accentis 'SIDX' Parameter SQL Injection Vulnerability

Accentis is a suite of management software for ERP, CRM, payroll, production and inventory management. Accentis fails to properly filter the 'SIDX' parameter, allowing remote attackers to exploit the vulnerability to submit specially crafted SQL query operations or obtain database data...

SQL Injection Vulnerability in the Webid Parameter of the Hot.aspx Page of the Online Query System of Shanghai Caixa Science and Technology Development Corporation's Kefa...

Shanghai Cai Da Science and Technology Development Corporation Kofa online query system is a comprehensive query system for financial information. The product has a SQL injection vulnerability, the vulnerability URL is: /hot.aspx?mid1=&mid2=&webid=, the vulnerability parameter is webid, the...

SQL Injection Vulnerability in RuvarOA Collaboration Office Platform of Guangzhou Luhua Computer Co.

Guangzhou Luhua Computer Co., Ltd RuvarOA collaborative office platform is a kind of enterprise office system. The product /DepartmentPlan/departmentplanattachdownload.aspxsysfilestorageid= there is a SQL injection vulnerability, the vulnerability parameter is sysfilestorageid, the type of GET...

Open-Xchange OX Guard SQL Injection Vulnerability

Open-Xchange OX Guard is a security suite for email and documents. A SQL injection vulnerability exists in the public key discovery API calls of Open-Xchange OX Guard, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain...

Symantec Web Gateway SQL Injection Vulnerability (CNVD-2015-06066)

Symantec Web Gateway is a suite of web content filtering software. The software provides web content filtering and data leakage protection. A SQL injection vulnerability exists in Symantec Web Gateway, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL...

SQL Injection Vulnerability in DeptId Parameter of Wave Software Administrative Services System

The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the DeptId parameter of the administrati...

SQL Injection Vulnerability in FromEmail.aspx Page id Parameter of Jenohan Software's Periodicals and Magazines System.

Nanjing Jenohan Software Technology Co., Ltd. is for the development of hospital full cost accounting decision support software system, hospital performance management information system and hospital customer management information system. There is a SQL injection vulnerability in Nanjing Jenohan...

SQL Injection Vulnerability in China Haida's WEB Management System

Guangzhou Zhonghaida Satellite Navigation Technology Co., Ltd. is the first listed company in the field of domestic mapping and geographic information equipment. A SQL injection vulnerability exists in China Haida's WEB management system. An attacker can utilize the vulnerability to obtain...

SQL Injection Vulnerability in Comay RAS System

The Comet RAS system is a system that provides organizations with a centralized method of managing remote access to applications from a central point. A SQL injection vulnerability exists in the Comay RAS system. An attacker could exploit the vulnerability to gain access to sensitive database...

Multiple SQL Injection Vulnerabilities in Jinhe Collaboration Management Platform

Jinhe OA collaborative management platform using asp.net and sqlserver technology development, the use of many users. There are multiple SQL injection vulnerabilities in OA Collaboration Management Platform. Attackers are allowed to utilize common SQL injection tools to obtain sensitive database...