2819 matches found
LG NAS N1A1 has multiple security vulnerabilities
The LG NAS N1A1 is a network storage device developed by the South Korean Lakin LG Group. Arbitrary file upload/download, security bypass, SQL injection, and unauthorized operation vulnerabilities exist in the Familycast service in the LG NAS N1A1 version 10119, which can be exploited by an...
Generalized SQL Injection Vulnerability in Abilify Multiservice Smart Gateway
Abilify Multi-service Smart Gateway is a product of Beijing Hai Rui Xing Ye Technology Co. A generic SQL injection vulnerability exists in Abilify Multi-service Smart Gateway. It allows attackers to utilize common SQL injection tools to obtain sensitive database information...
Generalized SQL Injection Vulnerability in Agricultural Network of Wuhan Joseph Xin Sun Agricultural Network Co.
Wuhan Joseph Xin Sun Agricultural Network Co., Ltd. is mainly engaged in research and development of computer network information software and complete sets of electronic equipment; business information consulting; sales of primary agricultural...
SQL Injection Vulnerability in BoZone Travel Distribution System
Wuhan Bozhong E-commerce Co., Ltd. is a new technology-based enterprise specializing in travel agency management software development and sales, website production, and customized development of SME management systems. A SQL injection vulnerability exists in the BoZone Travel Distribution System...
SQL Injection Vulnerability in the Comprehensive Information Portal System of Nanjing Normal University Finance Department
The Nanjing Normal University Finance Department Comprehensive Information Portal System is a financial management platform. A SQL injection vulnerability exists in the Nanjing Normal University Finance Department Comprehensive Information Portal System, which can be exploited by attackers to obtain...
IBM Marketing Platform SQL Injection Vulnerability (CNVD-2016-03333)
IBM Marketing Platform is a suite of marketing platforms from IBM in the United States. The platform supports marketers in leveraging and analyzing customer interactions on websites, cell phones and social media to deliver targeted marketing campaigns to customers. A SQL injection vulnerability...
SQL injection vulnerability in the 'id' parameter of the fixed asset management system of higher education institutions at Shandong Guozi Software Co.
The Fixed Asset Management System FAMS for Higher Education is a web-based management system that can run on a campus network or the Internet. A SQL injection vulnerability exists in the Fixed Asset Management System for Higher Education Schools of Shandong Guozi Software Co. The lack of filterin...
A vulnerability in the firmware of the Cisco RV220W network switch allows attackers to execute arbitrary SQL commands.
The vulnerability in the web management interface of the firmware on the Cisco RV220W network switch is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially...
EMC Documentum xCP SQL Query Injection Vulnerability
EMC Documentum is an enterprise document and image management tool that makes the creation, modification, tracking and utilization of documents in business processes efficient, standardized and rigorous. EMC Documentum xCP fails to properly handle XCP REST requests, allowing remote attackers to...
Joomla! com_memorix component 'index.php' SQL Injection Vulnerability
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. The system provides RSS feeds, site search and other functions. A SQL injection vulnerability exists in 'index.php' of the Joomla! com_memorix component. The vulnerability exists becau...
Joomla SQL Injection Vulnerability (CNVD-2015-06805)
Joomla is a content management system, developed with PHP and a MySQL database, running on Linux, Windows, MacOSX, Solaris and many other platforms. A SQL injection vulnerability has been disclosed in Joomla; by making full use of the vulnerability, attackers can obtain the website database...
CVE-2015-4967
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 throu...
Web Reference Database SQL Injection Vulnerability (CNVD-2015-06458)
Web Reference Database is a web-based multi-user interface product that provides search tools and automatic indexing for managing scientific literature. The Web Reference Database rss.php script fails to adequately filter the 'where' parameter and the search.php script fails to adequately filter...
SQL Injection Vulnerability in Panmicro E-office /E-mobile/flow/flowtype_free.php Parameter
Panmicro E-office is an OA product launched by Panmicro for small and medium-sized organizations. A SQL injection vulnerability exists in the Panmicro E-office /E-mobile/flow/flowtype_free.php parameter, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in China Haida's WEB Management System
Guangzhou Zhonghaida Satellite Navigation Technology Co., Ltd. is the first listed company in the field of domestic mapping and geographic information equipment. A SQL injection vulnerability exists in China Haida's WEB management system. An attacker can utilize the vulnerability to obtain...
SQL Injection Vulnerability in Shenzhen Siliconware Sewise Live Server
SEWISE is a streaming media cloud computing company engaged in streaming media encoding, distribution and storage of audio and video. The SEWISE live streaming server is a product of this company. A SQL injection vulnerability exists in the SEWISE live server. An attacker can exploit the vulnerability to...
Amazon Linux: Security Advisory (ALAS-2015-485)
The remote host is missing an update for the...
Multiple SQL Injection Vulnerabilities in Cacti
Cacti is a set of open source network traffic monitoring and analysis tools. Cacti suffers from multiple SQL injection vulnerabilities due to the program's failure to properly filter user-supplied input before using it in a SQL query, allowing an attacker to compromise the application, access or...
WordPress SQL Injection Vulnerability (CNVD-2015-05160)
WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. WordPress has an unspecified SQL injection vulnerability that allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database dat...
SO Planning SQL Injection Vulnerability
SO Planning is a free and open source set of online project production and management tools. SO Planning is affected by a SQL injection vulnerability. The vulnerability is due to the program failing to adequately filter user-submitted input before constructing SQL query statements. An attacker...