7729 matches found
Joomla UserExtranet Component SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla UserExtranet component. An attacker can exploit the vulnerability to access or modify database data...
CVE-2016-8998
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference : 1998747...
EMC Documentum Content Server DQL Injection Vulnerability
EMC Documentum Content Server is a content management service system from EMC. A DQL injection vulnerability exists in EMC Documentum Content Server because the program fails to properly filter user-submitted input. A remote attacker can exploit the vulnerability by sending a specially crafted...
Joomla djcatalog2 Component SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla djcatalog2 component. An attacker can exploit the vulnerability to access or modify database data...
Joomla com_djcatalog2 component 'cid' parameter SQL injection vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the 'cid' parameter of the Joomla comdjcatalog2 component. An attacker can exploit the vulnerability to access or modify database data...
SQL Injection Vulnerability in Ocean CMS tid Parameter
Ocean CMS is an open source website builder. An SQL injection vulnerability exists in the admintopicvod.php page of Ocean CMS 6.46 utf-8 official. The lack of filtering of the 'tid' parameter allows an attacker to exploit the vulnerability to obtain sensitive information about the database...
UBUNTU-CVE-2016-4861
The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...
SQL command execution vulnerability in the sysId parameter of Wyspeed V2 video conferencing system
Vizz V2 Video Conferencing System is a video conferencing system. A SQL command execution vulnerability exists in the sysId parameter of the Vizz V2 video conferencing system. It allows an attacker to remotely write a shell and gain server privileges...
Joomla JE auction component SQL injection vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla JE auction component. An attacker can exploit the vulnerability to access or modify database data...
Joomla Music Collection Component SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla Music Collection component. An attacker can exploit the vulnerability to access or modify database data...
Joomla JE Quiz Component SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla JE Quiz component, which can be exploited by attackers to access or modify database data...
Joomla JE Form Creator Component SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla JE Form Creator component, which can be exploited by attackers to access or modify database data...
Joomla Hbooking Component SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla Hbooking component. An attacker can exploit the vulnerability to access or modify database data...
CVE-2016-8355
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and...
CVE-2016-8341
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands...
Multi-meter (DuomiCms) film and television management system climit and ckey parameters exist SQL injection vulnerability
Duomi DuomiCms film and television management system is a set of specialized video on demand system. A SQL injection vulnerability exists in DuomiCms. The lack of filtering of the 'climit' and 'ckey' parameters allows an attacker to exploit the vulnerability to obtain sensitive database informati...
McAfee ePolicy Orchestrator SQL Injection Vulnerability (CNVD-2017-01459)
McAfee ePolicy Orchestrator ePO is a suite of scalable security management software from Intel Corporation formerly McAfee, Inc.. The software enables centralized, streamlined management of endpoint, network, content security and compliance solutions. An SQL injection vulnerability exists in McAf...
SQL Injection Vulnerability in iTrackGPS Monitoring Management System
iTrackGPS Monitoring Management System is a GPS monitoring system. A SQL injection vulnerability exists in iTrackGPS Monitoring Management System. The lack of filtering of the 'SystemNo' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information...
EMC Documentum D2 4.5.x and 4.6.x < 4.7 Multiple Vulnerabilities (ESA-2016-167)
The remote host is running a version of EMC Documentum D2 that is 4.5.x or 4.6.x prior to 4.7. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can...
IBM Kenexa LMS on Cloud SQL Injection Vulnerability (CNVD-2017-00564)
IBM Kenexa LMS on Cloud is a configurable, enterprise-grade social learning management system LMS from IBM that integrates social networking, collaboration, and knowledge sharing capabilities. The system provides interactive features and supports users to evaluate learning content and share their...