Drupal PHPlist Integration Module SQL Injection Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. phpList Integration is one of the modules that provides integration functionality between the Drupal website and the phpList Communication Manager. A SQL injection vulnerability exists...
SQL Injection Vulnerability in the /c6/Jhsoft.Web.login/NewView.aspx Page of the Beijing Jinhe Network Co. Collaboration Management System
The Beijing Jinhe Network Co., Ltd. collaborative management system is designed around the precise-management idea of the 6C management concept, tightly integrating Internet technology, computer technology, Luan Runfeng's management concepts and Chinese culture; the core of...
Cisco Secure Access Control System SQL Injection Vulnerability
Cisco Secure ACS is a central management platform for Cisco network devices that controls authentication and authorization of devices. A SQL injection vulnerability exists in the Cisco Secure Access Control System due to the program not adequately filtering user-supplied data before using it in S...
Red Hat CloudForms Management Engine SQL Injection Vulnerability
Red Hat CloudForms is hybrid cloud management software from Red Hat. A SQL injection vulnerability in Red Hat CloudForms Management Engine allows attackers to send specially crafted REST API requests to manipulate or obtain database data...
WordPress Social Slider Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP that allows users to set up their own weblogs on servers that support PHP and MySQL databases. Social Slider is a social sharing button display plugin. The Social Slider plugin suffers from a SQL injection vulnerability that allows remo...
rubygem-activerecord: SQL injection vulnerability in 'range' quoting
It was discovered that Active Record did not properly quote values of the range type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record...
UBUNTU-CVE-2014-2708
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter...
DEBIAN-CVE-2013-6172
steps/utils/savepref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code...
rubygem-json: Denial of Service and SQL Injection
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
python-sqlalchemy: SQL injection flaw due to not checking LIMIT input for correct type
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...
CVE-2010-4990
SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php...
CVE-2011-1609
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647...
CVE-2010-2016
SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter...
CVE-2009-2148
SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter...
DEBIAN-CVE-2008-5813
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-2767
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter...
CVE-2008-2762
SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter...
EJBQL injection via 'order' parameter
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter...
PT-2008-2241 · WordPress · Dmsguestbook
Name of the Vulnerable Software and Affected Versions: DMSGuestbook version 1.7.0. Description: A SQL injection issue exists in the administration panel of the DMSGuestbook plugin for WordPress, allowing remote authenticated administrators to execute arbitrary SQL commands. It is unclear whether...
security flaw
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting...