Forma Lms SQL Injection Vulnerability
Forma Lms is an open source web-based learning management system (LMS). A SQL injection vulnerability exists in Forma Lms, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
Emerson AMS Device Manager Local SQL Injection Vulnerability
Emerson Electric AMS Device Manager is a fixed asset management software. The software provides predictive diagnostics, device configuration management, and more. An SQL injection vulnerability exists in AMS Device Manager 12.5 and earlier versions, which can be exploited by an attacker to gain...
Drupal PHPlist Integration Module SQL Injection Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. phpList Integration is one of the modules that provides integration functionality between the Drupal website and the phpList Communication Manager. A SQL injection vulnerability exists...
SQL Injection Vulnerability in the Collaboration Management System /c6/Jhsoft.Web.login/NewView.aspx Page of Beijing Jinhe Network Co.
The collaborative management system from Beijing Jinhe Network Co., Ltd. is designed around precise-management ideas guided by the 6C management concept, closely integrating four elements: Internet technology, computer technology, Luan Runfeng's management concepts, and Chinese culture, the core of...
Cisco Secure Access Control System SQL Injection Vulnerability
Cisco Secure ACS is a central management platform for Cisco network devices that controls authentication and authorization of devices. A SQL injection vulnerability exists in the Cisco Secure Access Control System due to the program not adequately filtering user-supplied data before using it in S...
Red Hat CloudForms Management Engine SQL Injection Vulnerability
Red Hat CloudForms is hybrid cloud management software from Red Hat. A SQL injection vulnerability in Red Hat CloudForms Management Engine allows attackers to send specially crafted REST API requests to manipulate or obtain database data...
WordPress Social Slider Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases. Social Slider is a social sharing button display plugin. Social Slider plugin suffers from a SQL injection vulnerability that allows remo...
rubygem-activerecord: SQL injection vulnerability in 'range' quoting
It was discovered that Active Record did not properly quote values of the range type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record...
UBUNTU-CVE-2014-2708
Multiple SQL injection vulnerabilities in graphxport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graphstart, (2) graphend, (3) graphheight, (4) graphwidth, (5) graphnolegend, (6) printsource, (7) localgraphid, or (8) rraid parameter...
DEBIAN-CVE-2013-6172
steps/utils/savepref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code...
rubygem-json: Denial of Service and SQL Injection
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
python-sqlalchemy: SQL injection flaw due to not checking LIMIT input for correct type
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...
CVE-2010-4990
SQL injection vulnerability in the Front-edit Address Book (comaddressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php...
CVE-2011-1609
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.15su2, 7.x before 7.15su1, 8.0 before 8.03, and 8.5 before 8.51 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647...
CVE-2010-2016
SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter...
CVE-2009-2148
SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter...
DEBIAN-CVE-2008-5813
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-2762
SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter...
CVE-2008-2767
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter...
EJBQL injection via 'order' parameter
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter...