8112 matches found
Accellion FTA Device SQL Injection Vulnerability (CNVD-2017-07454)
The Accellion FTA is a file transfer device from Accellion USA. The device supports file transfer, file sharing, file transfer tracking and reporting, and more. A SQL injection vulnerability exists in the reporterror.php file in versions of Accellion FTA devices prior to FTA912180. A remote...
flatCore SQL Injection Vulnerability
flatCore is a web content management system based on PHP5 and SQLite3. A SQL injection vulnerability exists in flatCore, which allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...
SQL Injection Vulnerability in Zendo 9.1.2 zentao\lib\base\dao\dao.class.php Page
Zendo is an open source project management software. A SQL injection vulnerability exists in the zentao\lib\base\dao\dao.class.php page of Zendo project management software version 9.1.2. The orderBy function fails to filter the data submitted by the user, allowing an attacker to exploit the vulnerability to obtain...
MODX Revolution SQL Injection Vulnerability
MODx is an open source PHP application framework that helps users control their online content. A SQL injection vulnerability exists in MODX Revolution versions 2.0.1-pl through 2.5.6-pl. An attacker can exploit the vulnerability to inject or manipulate SQL queries in the back-end database,...
SQL Injection Vulnerability in CUID Parameter of Hikvision's In-vehicle Remote Monitoring System AddUser.php File
Hikvision Vehicle Remote Monitoring System is a vehicle video networking monitoring software platform. A SQL injection vulnerability exists in the CUID parameter of the AddUser.php file in Hikvision Vehicle Remote Monitoring System. It allows attackers to exploit the vulnerability to obtai...
S-CMS /member/member_wuliu.asp page O_id parameter has SQL injection vulnerability
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. A SQL injection vulnerability exists in the S-CMS /member/member_wuliu.asp page. Due to insufficient filtering of user input, the program allows attackers to exploit the vulnerability to obtain sensitive...
SQL Injection Vulnerability in Netsun CMS typeid Parameter
Netsun CMS is a website management system managed and developed by Zhejiang Netsun Business Treasure Co. Netsun CMS suffers from a SQL injection vulnerability. The lack of filtering of the 'typeid' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information...
The vulnerability of the Cisco Unified Communications Manager system allows a perpetrator to circumvent access control rules.
The vulnerability of the Cisco Unified Communications Manager web interface relates to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass access controls by making arbitrary queries to the SQL database...
Castle Rock Computing SNMPc SQL Injection Vulnerability
Castle Rock Computing SNMPc Network Manager is distributed network management system software that monitors all activity on a network. A SQL injection vulnerability exists in versions of Castle Rock Computing SNMPc prior to 2015-12-17. A remote attacker can exploit the vulnerability to extract da...
EyesOfNetwork SQL Injection Vulnerability
EyesOfNetwork EON is an open source, free IT monitoring solution. The solution provides features such as a business process configuration tool, generating pop-up windows when events occur in the active queue, and more. Multiple SQL injection vulnerabilities exist in EyesOfNetwork aka EON 5.0 and...
Apache Geode Information Disclosure Vulnerability
Geode is a data management platform that provides real-time, consistent access to data-critical applications across the entire cloud architecture. Apache Geode sets the security-manager attribute and fails to set user permissions correctly after enabling clustering, allowing remote attackers to...
Sweepstakes Pro Software SQL Injection Vulnerability
Sweepstakes Pro Software is a sweepstakes software suite for growing email lists, increasing social networking, and driving sales by running sweepstakes. A SQL injection vulnerability exists in the s parameter in both win.php and widgetlb.php in Sweepstakes...
GLink Word Link Script SQL Injection Vulnerability
GPix is a free and powerful text link script based on link ads that runs on PHP/MySQL web servers. A SQL injection vulnerability exists in GLink Word Link Script, which is caused by a failure to effectively filter user-submitted data. An attacker can exploit the vulnerability to obtain sensitive...
FocalPoint Component SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. The system provides RSS feeds, site search and other functions. A SQL injection vulnerability exists in the FocalPoint component of Joomla! An attacker can exploit the vulnerabili...
WordPress Spider Event Calendar Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Spider Event Calendar plugin version 1.5.51, which can be exploited by...
The vulnerability of the McAfee VirusScan Enterprise anti-virus software allows a hacker to bypass access control rules.
The vulnerability of the McAfee VirusScan Enterprise antivirus software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass access control rules using a specially crafted HTTP request...
Joomla! OpenCart Component SQL Injection Vulnerability
Joomla! is a content management system that is well known abroad. OpenCart is a system component for product management in Joomla! A SQL injection vulnerability exists in the productid parameter of the Joomla! OpenCart index.php page, which can be exploited by attackers to access ...
phplist SQL injection vulnerability (CNVD-2017-04334)
phplist is an application written in PHP for news management. A SQL injection vulnerability exists in phplist, which can be exploited by attackers to access or modify database data...
Omegle Clone SQL Injection Vulnerability
Omegle Clone is a communication software script. An SQL injection vulnerability exists in the Omegle Clone parameter, which could allow a remote, unauthenticated attacker to gain access to sensitive information via this vulnerability...
Secure Download Links 'dc' Parameter SQL Injection Vulnerability
Secure Download Links is an application that provides secure downloads. A SQL injection vulnerability exists in the 'dc' parameter of Secure Download Links, which allows remote, unauthenticated attackers to obtain sensitive information...