Rexroth Bosch BLADEcontrol-WebVIS SQL Injection Vulnerability
Rexroth Bosch BLADEcontrol is a web-based HMI system. Rexroth Bosch BLADEcontrol has a SQL injection vulnerability in database operations that could lead to control of the database server or remote code execution...
SQL Injection Vulnerability in the LoginName Parameter of the Collaboration Office System of Shanghai CITIC Information Development Co.
CITIC Shanghai Information Development Co., Ltd. collaborative office system is a set of online office automation software. A SQL injection vulnerability exists in the loginName parameter of the CITIC Information Development Co., Ltd. collaborative office system, which can be exploited by an...
SQL Injection Vulnerability in Communication Application Server username Parameter of Shenou Communication Equipment Co.
Shenou Communication Equipment Co., Ltd. is a national non-regional enterprise integrating R&D, production, sales and service. Communication Application Server SOC1000 model products are softswitch servers for IP networks, supporting voice, fax and video at the same time. Shenou Communication...
SQL injection vulnerability in the coursewares.htm?recommend= parameter of the distance learning platform of Shenzhen Tengchuang Network Technology Co.
Tengchuang Internet Distance Education Platform is an online knowledge trading platform centered on real-time interactive online classroom, combining powerful functions such as courseware on-demand, course transaction, online payment, and online examination, etc. for students and teachers in...
Apache Ranger SQL Injection Vulnerability
Apache Ranger is a set of architectures for implementing comprehensive security measures for Hadoop clusters, providing centralized security policy management for core enterprise security requirements such as authorization, billing and data protection. Apache Ranger suffers from a SQL injection...
SQL Injection Vulnerability in Remote Video Surveillance Management System of Hangzhou Hikvision Digital Technology Co.
Hangzhou Hikvision Digital Technology Co., Ltd. Remote Video Surveillance Management System is a set of video surveillance software. The remote video surveillance management system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from...
Multiple Vulnerabilities in iScripts EasyCreate
iScripts EasyCreate is an online website builder that can be used on a server to provide website building services to clients and is fully customizable. iScripts EasyCreate suffers from SQL injection, cross-site scripting, and cross-site request forgery vulnerabilities that could be exploited by ...
biweb SQL Injection Vulnerability
BIWEB Business Intelligence Website System is a website system built on the ArthurXF enterprise application-level PHP development framework, developed and designed by Shanghai NetWorks Network Information Co., Ltd. It is a rapid development, simple and easy to use object-oriented enterprise...
Multiple Vulnerabilities in WordPress Booking Calendar Contact Form Plugin
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. WordPress Booking Calendar Contact Form plugin versions prior to 1.0.23 suffer from SQL injection, cross-site scripting...
Multiple Vulnerabilities in ManageEngine Firewall Analyzer
ManageEngine Firewall Analyzer is a web-based firewall log analysis tool from Zoho that collects, correlates, and reports on enterprise-wide logs from firewalls, proxy servers, and Radius servers. Elevation of privilege and SQL injection vulnerabilities exist in ManageEngine Firewall Analyzer,...
SQL Injection Vulnerability in Transmission Interactive Video Equipment at Clearstream (Beijing) Technology Co.
StreamOcean, Inc. is the world's leading high-technology company dedicated to delivering high-definition interactive video over the Internet, with its fully independent intellectual property rights in the StreamOcean Video Delivery Network SOVDN, which provides the infrastructure for full video...
weiphp /Application/Admin/Controller/PublicController.class.php Login SQL Injection Vulnerability
weiphp is an open source, efficient, simple microsoft development platform. The weiphp /Application/Admin/Controller/PublicController.class.php login is vulnerable to SQL injection. Attackers can exploit the vulnerability to obtain sensitive database information...
Cacti SQL Injection Vulnerability (CNVD-2016-02028)
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. The tool collects data through snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management functions. A SQL injection vulnerability exists in Cacti 0.8.8g and prio...
CMS system of Yingkou Aisda Computer Information Network Co., Ltd. suffers from SQL injection vulnerability
Yingkou Aisda Computer Information Network Co., Ltd. CMS system is a content management system. The product suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive database information...
SAP NetWeaver J2EE Engine UDDI Server SQL Injection Vulnerability
SAP NetWeaver J2EE Engine is the J2EE engine of a service-oriented integrated application platform from the German company SAP. A SQL injection vulnerability exists in the UDDI server of SAP NetWeaver J2EE Engine version 7.40. A remote attacker could exploit this vulnerability to execute arbitrary SQL...
CVE-2016-2386
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...
CVE-2016-0881
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request...
SQL Injection Vulnerability in Broadband Authentication and Billing System of Chengdu Starry Blue Ocean Network Technology Co.
Blue Ocean Premier Broadband Access Gateway is a specialized intelligent device for Ethernet broadband access. SQL injection vulnerability exists in the broadband authentication and billing system of Chengdu Starry Blue Ocean Network Technology Co., Ltd. There is an injection point in the...
Multiple Vulnerabilities in GCMS 2005 of Beijing Guangdu Qimin Information Technology Co., Ltd.
Speed Sword 2005 GCMS is a portal creation and management system that integrates content management system, multi-site management and page display. SQL injection and cross-site scripting vulnerabilities exist in GCMS. An attacker can exploit the vulnerabilities to obtain sensitive database...
Shandong Nongyou Village-level Major Matters and Supervisory Committee Construction Supervision System SQL Injection Vulnerability
A software program for rural villagers' supervisory committees and village affairs management, which is a system for supervising the construction of village-level major issues and supervisory committees. A SQL injection vulnerability exists in the Shandong Nongyou Software Village-level Major...