ApPHP Hotel Site SQL Injection Vulnerability

ApPHP Hotel Site is a PHP-based hotel management solution from ApPHP USA. The program provides hotel management and online booking and other functions. A SQL injection vulnerability exists in ApPHP Hotel Site version 3.x.x. The vulnerability stems from the index.php script failing to adequately...

SQL injection vulnerability in txtContent parameter in InteractiveCommunication/InterActiveIndex.aspx of Wave Government Service Platform

Wave software government system is an industry informatization application system built on the basis of cloud computing and big data. There is a SQL injection vulnerability in the txtContent parameter of the InteractiveCommunication/InterActiveIndex.aspx of the Wave government service platform,...

Cisco Unified Web and E-Mail Interaction Manager SQL Injection Vulnerability

Cisco Unified Web and E-mail Interaction Manager are both products in the Customer Collaboration Contact Center of the American Cisco Cisco company. A SQL injection vulnerability exists in Cisco Unified Web and E-Mail Interaction Manager, which could be exploited by a remote attacker to submit a...

Aruba Networks CPPM SQL Injection Vulnerability

Aruba Networks ClearPass Policy Manager is an advanced policy management platform for role- and device-based network access control. A security vulnerability exists in Aruba Networks ClearPass Policy Manager CPPM, which can be exploited by remote administrators to execute arbitrary SQL commands...

Forma Lms SQL Injection Vulnerability

Forma Lms is an open source web-based learning management system LMS. A SQL injection vulnerability exists in Forma Lms, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

Emerson AMS Device Manager Local SQL Injection Vulnerability

Emerson Electric AMS Device Manager is a fixed asset management software. The software provides predictive diagnostics, device configuration management, and more. An SQL injection vulnerability exists in AMS Device Manager 12.5 and earlier versions, which can be exploited by an attacker to gain...

Cacti graph.php SQL Injection Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools. The Cacti graph.php script fails to properly filter the localgraphid parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

IBM Security SiteProtector System SQL Injection Vulnerability

The IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents and devices. A SQL injection vulnerability exists in IBM Security SiteProtector System, which allows remote attackers to exploit the...

WordPress Tune Library Plugin SQL Injection Vulnerability

WordPress is a set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up personal blog site.Tune Library is one of the plugin used to import XML iTunes music library files into the WordPress database. A SQL injection vulnerability exists in the...

Cisco Unified Communications Manage SQL Injection Vulnerability

Cisco Unified Communications Manager is the call processing component of the IP Telephony solution from Cisco. A SQL injection vulnerability exists in Cisco Unified Communications Manager due to the program failing to properly filter user-supplied input. This allows an authenticated, remote...

Novell ZENworks 'GetReRequestData' Method SQL Injection Vulnerability

Novell ZENworks is a suite of software that supports automated IT management and business process management across resources within an organization. A SQL injection vulnerability in the 'GetReRequestData' method of the GetStoredResult class in Novell ZENworks allows remote attackers to submit...

Drupal PHPlist Integration Module SQL Injection Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. phpList Integration is one of the modules that provides integration functionality between the Drupal website and the phpList Communication Manager. A SQL injection vulnerability exists...

WordPress Plugin All In One WP Security & Firewall admin/wp-security-list-acct-activity.php SQL Injection Vulnerability

WordPress is a set of blogging platform developed in PHP language by WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL.All In One WP Security & Firewall Plugin for WordPress is a Wordpress Security Plugin. The All In One WP Security &...

Cisco CUCDM SQL Injection Vulnerability

Cisco Unified Communications Manager is an enterprise-class IP telephony call processing system. A sql injection vulnerability exists in the graphical administration feature of Cisco Unified Communications Domain Manager Application Software due to a failure to effectively validate user-supplied...

Hospira MedNet Hardcoded Password Vulnerability (CNVD-2015-02160)

MedNet manages drug libraries, firmware updates, and configurations for Hospira IV pumps for use in the healthcare and public health sectors. MedNet uses plain text stored passwords for the SQL database, which allows an attacker to compromise the MedNet SQL server and gain administrator access to...

Multiple SQL Injection Vulnerabilities in Fiyo CMS

Fiyo CMS is small business phone service and mobile collaboration tool. Fiyo CMS has multiple SQL injection vulnerabilities. The vulnerabilities can be exploited by an attacker to gain access to sensitive database information...

Comsenz SupeSite CMS SQL Injection Vulnerability

Comsenz SupeSite 7.0 CMS is a content management system developed by Comsenz. Comsenz SupeSite 7.0 CMS "batch.common.php" fails to properly filter user-submitted inputs for the "name" parameter, allowing remote attackers to submit specially crafted SQL queries to manipulate or obtain database dat...

WordPress SEO by Yoast SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.WordPress SEO by Yoast is an SEO plugin for wordpress. WordPress SEO by Yoast fails to properly filter user-submitt...

SQL Injection Vulnerability in the Collaboration Management System/c6/Jhsoft.Web.login/NewView.aspx Page of Beijing Jinhe Network Co.

Beijing Jinhe Network Co., Ltd. collaborative management system, according to the precise management ideas guided by the 6C management concept design, the Internet technology, computer technology, Luan Runfeng's management concepts, Chinese culture, the four are closely integrated, the core of...

SQL Injection Vulnerability in Ticketmaster ERP Management System of Shanghai Shengdai Information Technology Co.

Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...