Huawei Enterprise Information Engine SQL Injection Vulnerability

Huawei Enterprise Information Engine EIE is an enterprise information machine product from Huawei, China. A SQL injection vulnerability exists in Huawei EIE. An attacker could use this vulnerability to compromise an application, access or modify data, or exploit a potential vulnerability in the...

Accentis 'SIDX' Parameter SQL Injection Vulnerability

Accentis is a suite of management software for ERP, CRM, payroll, production and inventory management. Accentis fails to properly filter the 'SIDX' parameter, allowing remote attackers to exploit the vulnerability to submit specially crafted SQL query operations or obtain database data...

Techno Project Japan Enisys Gw SQL Injection Vulnerability

Techno Project Japan Enisys Gw is an open source groupware software from Techno Project Japan. A SQL injection vulnerability exists in Techno Project Japan Enisys Gw. The vulnerability allows remote attackers to submit specially crafted SQL queries or obtain database data...

Allen-Bradley MicroLogix SQL Injection Vulnerability

Allen-Bradley MicroLogix is a programmable logic controller PLC from Rockwell Automation. An SQL injection vulnerability exists in Allen-Bradley MicroLogix 1100 prior to B FRN 15.000 and 1400 prior to B FRN 15.003. It allows an authenticated remote user to execute arbitrary SQL commands via...

SQL Injection Vulnerability in a System of Anhui Business Network

Anhui Business Network Information Industry Co., Ltd. is a professional high-tech Internet technology service provider. A system SQL injection vulnerability in Anhui Business Network allows attackers to exploit this vulnerability to obtain data volume sensitive information...

Yukisoft e-Government Platform SQL Injection Vulnerability

Yusoft e-government platform is an official document and information exchange platform jointly developed by the Ministry of Education to promote the informatization of education government affairs and entrusted to the Education Management Information Center and Beijing NetManager Information...

Cisco Prime Collaboration Assurance SQL Injection Vulnerability

Cisco Prime is a service-centric solution that integrates the management of wired and wireless LANs, WANs and data centers from endpoints, network devices and applications, and filters information. A SQL injection vulnerability exists in the Cisco Prime Collaboration Assurance WEB architecture,...

Cisco Prime Collaboration Assurance SQL Injection Vulnerability (CNVD-2015-06574)

Cisco Prime is a service-centric solution that integrates the management of wired and wireless LANs, WANs and data centers from endpoints, network devices and applications, and filters information. A SQL injection vulnerability exists in the Cisco Prime Collaboration Assurance WEB architecture,...

Pref Shimane CMS vulnerable to SQL injection

Overview Pref Shimane CMS is an open-source Contents Management System CMS. Pref Shimane CMS contains an SQL injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A logged in...

Open-Xchange OX Guard SQL Injection Vulnerability

Open-Xchange OX Guard is a security suite for email and documents. A SQL injection vulnerability exists in the public key discovery API calls of Open-Xchange OX Guard, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain...

ThinkSAAS SQL Injection Vulnerability

ThinkSAAS is a lightweight open source community system , is a community system that can be used to build discussion groups , bbs and circles . ThinkSAAS has a SQL injection vulnerability. An attacker can exploit the vulnerability to execute SQL statements and obtain sensitive information from...

SQL Injection Vulnerability in id Parameter of Wave Software Administrative Services System

The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the id parameter of the administrative...

Synology Video Station SQL Injection Vulnerability (CNVD-2015-06008)

Synology Video Station is a video manager from Synology. A SQL injection vulnerability exists in Synology Video Station versions prior to 1.5-0757, which can be exploited by remote attackers to execute arbitrary SQL commands...

SQL injection vulnerability in prtp parameter of travel e-commerce platform belonging to Shenzhen Dingyou

The tourism e-commerce platform is also a platform for a business system that uses electronic means to operate the tourism industry and its distribution system, based on a network as the main body, a tourism information base and an electronic business bank. There is a SQL injection vulnerability ...

SQL Injection Vulnerability in LanMuId Parameter of Wave Software Administrative Services System

The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the LanMuId parameter of the...

SQL Injection Vulnerability in the username parameter of Wave Software Administrative Services System

The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the username parameter of WaveSoft...

Arbitrary File Upload Vulnerability in Panavision OA System

Panavision OA Office System is a coordination office software. A SQL injection vulnerability exists in Panmicro OA Office System, which can be exploited by an attacker to obtain sensitive information from a website database...

Multiple SQL Injection Vulnerabilities in Beijing Oriental Netscape PIW Content Management System

PIW Content Management System is a content management system of Beijing Oriental Netscape Information Technology Co. PIW Content Management System has multiple SQL injection vulnerabilities. The vulnerabilities allow attackers to exploit the vulnerabilities to gain access to sensitive information...

Generic SQL Injection Vulnerability in CNGENETCMS v4.2.0

CNGENETCMS is a content management system CMS, there is an authentication bypass vulnerability CNGENETCMS v4.2.0 sp1. This vulnerability can be exploited to directly log in to the background of the site without authentication to manage the site. At present, many sites are still using this CMS...

Multiple SQL Injection Vulnerabilities in Jinhe Collaboration Management Platform

Jinhe OA collaborative management platform using asp.net and sqlserver technology development, the use of many users. There are multiple SQL injection vulnerabilities in OA Collaboration Management Platform. Attackers are allowed to utilize common SQL injection tools to obtain sensitive database...