267 matches found
Sql injection
A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An...
Cisco Prime Service Catalog SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...
SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Sql injection
A vulnerability in Cisco Unified Communications Manager 10.52.10000.5, 11.01.10000.10, and 11.51.10000.6 could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass...
Design/Logic Flaw
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available...
CVE-2017-7314
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available...
CVE-2017-7314
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available...
CVE-2017-2317
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure,...
CVE-2017-2317
Juniper Networks NorthStar Controller Application before version 2.1.0 Service Pack 1 is vulnerable to a denial-of-service attack from an unauthenticated, network-based attacker. The issue can cause DoS of underlying database tables and may lead to information disclosure, modification of system s...
ImagePro Lazygirls Clone Script - SQL Injection
ImagePro Lazygirls Clone Script - SQL Injection Exploit Title: ImagePro Lazygirls Clone Script - SQL Injection Google Dork: N/A Date: 05.04.2017 Vendor Homepage: http://bimedia.info/ Software: http://bimedia.info/8-2/ Demo: http://imagepro.clonedemo.com/ Version: N/A Tested on: Win7 x64, Kali Lin...
Sql injection
IBM Tivoli Storage Manager IBM Spectrum Protect 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these...
MBLS Flex CMS 0.7.2 SQL Injection / Cross Site Scripting
Title: SQL injection & Cross-site scripting in CMS Flex Credit: Bilal KARDADOU Vulnerability: SQL injection & Cross-Site scripting Vulnerable version: Flex Version 0.7.2 Vendor: MBL Solutions Ltd Vendor URL: http://www.mblsolutions.co.uk/ Product: FLEX CMS "THE INTUITIVE CONTENT MANAGEMENT SYSTEM...
CVE-2016-9864
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and ...
CVE-2016-9864
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and ...
[SECURITY] Fedora 23 Update: rubygem-activerecord-4.2.3-3.fc23
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
[SECURITY] Fedora 24 Update: rubygem-activerecord-4.2.5.2-2.fc24
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
[SECURITY] Fedora 25 Update: rubygem-activerecord-5.0.0.1-1.fc25
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability (cisco-sa-20151008-pcp)
A vulnerability in web framework of Cisco Prime Collaboration Provisioning PCP could allow an authenticated, remote attacker to execute unauthorized SQL queries. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...
PT-2016-2119 · Php +2 · Php +2
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.6.12 Description: The issue is related to the odbc bindcols function in PHP, which mishandles driver behavior for SQL WVARCHAR columns. This can be exploited by remote attackers to cause a denial of service application...
Cisco Cloud Network Automation Provisioner SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Cloud Network Automation Provisioner CNAP could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...