SQL Injection Vulnerability in the ClassID Parameter of Guozidian's Asset Management Information System for Administrative Utilities
The Administrative Utility Asset Management Information System is an asset management information system intended to standardize and strengthen the management of state-owned assets of administrative institutions, and to improve the level of informatization of...
TCCMSV9.0 Latest Version SQL Injection Vulnerability
TCCMS is a content management system. TCCMSV9.0 has multiple SQL injection vulnerabilities in app/controller/news.class.php, which can be exploited by attackers to either obtain sensitive database information...
SQL Injection Vulnerability in Panmicro e-Weaver System
e-Weaver is OA office software from Panmicro. A SQL injection vulnerability exists in the e-Weaver System/ServiceAction/com.eweaver.base.DataAction page of Panmicro, which can be exploited to allow an attacker to obtain sensitive information about the database...
concrete5 'Access.php' SQL Injection Vulnerability
concrete5 is a free content management system (CMS) developed by Portland Labs in the United States. The system allows editing and layout directly on the page. A SQL injection vulnerability exists in concrete5 that stems from the program failing to adequately filter user-submitted input before...
Cacti SQL Injection Vulnerability (CNVD-2015-03938)
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. The tool obtains data through snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A SQL injection vulnerability exists in versions prior to Cacti...
WordPress Plugin Simple Photo Gallery 'index.php' SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP; it supports setting up a personal blog site on a server running PHP and MySQL. Simple Photo Gallery is an image gallery plugin. A SQL injection vulnerability exists in the 'index.php' of the WordPress plugin Simple Photo Gallery. The...
SAP Sybase Adaptive Server Enterprise SQL Injection Vulnerability
SAP Sybase Adaptive Server Enterprise is a relational database management system. A SQL injection vulnerability in SAP Sybase Adaptive Server Enterprise allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
WordPress Contus Video Gallery Plugin SQL Injection Vulnerability
WordPress is a content management system developed in PHP. Contus Video Gallery is a video gallery plugin for WordPress sites. A SQL injection vulnerability exists in Contus Video Gallery 2.7 and earlier versions due to the program failing to properly filter the content of the "vid" G...
Drupal WikiWiki Module SQL Injection Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A SQL injection vulnerability exists in the Drupal WikiWiki module. It allows remote attackers to execute arbitrary SQL commands...
postgresql: loss of frontend/backend protocol synchronization after an error
A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection...
SQL Injection Vulnerability in Mobile OPAC Library Portal System of Huifen Software
Ltd.'s Mobile Library Portal System is a mobile service solution integrating Pocket Portal and Pocket APP, which brings readers and libraries closer together in the era of mobile intelligence. A SQL injection vulnerability exists in the Huiwen Software Mobile OPAC Library Portal System. It allows an attacker to...
postgresql: loss of frontend/backend protocol synchronization after an error
A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection...
Joomla Random Article SQL Injection
Exploit Title : Joomla Random Article Component SQL Injection vulnerability Author : Jagriti Sahu AKA Incredible Vendor Link : http://demo.web-dorado.com Date : 23/03/2015 Discovered at : IndiShell Lab Love to : error1046 ^^ ,Team IndiShell,Codebreaker ICA ,Subhi,Mrudu,Hary,Kavi ^^...
Joomla component 'com_youtube' SQL injection vulnerability
Joomla! is a content management system that is quite well known abroad. A SQL injection vulnerability exists in the Joomla component 'com_youtube', which allows attackers to exploit the vulnerability to access or modify data...
postgresql: loss of frontend/backend protocol synchronization after an error
A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection...
Elastix transactionID SQL Injection Vulnerability
Elastix is an Asterisk PBX operating tool. A SQL injection vulnerability in the Elastix a2billing/customer/iridiumthreed.php script handling transactionID allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
PHP address book has multiple SQL injection and multiple cross-site scripting vulnerabilities
PHP Address Book is a simple web-based address book and contact management application developed in PHP. It supports groups, addresses, e-mail, telephone numbers and birthday information; can be exported to vCard and CSV; is integrated with Gmail, Google and Yahoo maps; the databa...
Multiple SQL Injection Vulnerabilities in Multiple Solarwinds Products core Orion
SolarWinds Orion is a comprehensive network fault and network performance management platform that adapts to the rapid growth of networks and expanding network requirements. Auxiliary/gather/solarwindsorionsqli included in multiple Solarwinds products fails to properly filter user-submitted input...
Multiple Input Validation Vulnerabilities in Gecko CMS
Gecko CMS is a content management system (CMS) based on PHP and MySQL. Gecko CMS suffers from SQL injection, cross-site scripting, and HTML injection vulnerabilities because it fails to adequately filter user-supplied input. Exploitation of these vulnerabilities allows attackers to perform...
KBPublisher FAQ System SQL Injection Vulnerability
KnowledgebasePublisher is a non-open-source FAQ system that can also be used as a content manager for publishing articles. It provides question categorization, a glossary, a powerful WYSIWYG editor, real-time response, full-text search, attachments, five different administrative roles,...