149 matches found
A vulnerability in the web interface of the software-hardware management platform Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.
The vulnerability in the web interface for managing the software-hardware environment of Cisco Firepower Management Center is caused by input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
Synetics i-doit SQL Injection Vulnerability
Synetics i-doit is an open source configuration management database (CMDB) software suite from Synetics, Germany. The software includes features such as IT infrastructure management, network document management, IP address management and IT asset management. A SQL injection vulnerability exists in t...
SolarWinds Network Performance Monitor SQL Injection Vulnerability
SolarWinds Network Performance Monitor (NPM) is a network performance monitor from SolarWinds, Inc. that provides monitoring and reporting, tracking of up/down status, real-time analytics, and network performance statistics for routers, virtualized environments, and other devices. A SQL injection...
Interspire Email Marketer SQL Injection Vulnerability (CNVD-2018-26787)
BigCommerce Interspire Email Marketer (IEM) is a suite of email marketing software from BigCommerce, USA. A SQL injection vulnerability exists in the 'delete tags' function of the Dynamiccontenttags.php file in BigCommerce IEM 6.1.6 and earlier versions. A remote attacker can exploit this...
CVE-2018-0320
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this...
Code execution vulnerability in DedeCMS V5.7 SP2 dede/sys_sql_query.php file
DedeCMS (Weaving Dream content management system) is an open source PHP website management system. A code execution vulnerability exists in the DedeCMS V5.7 SP2 dede/sys_sql_query.php file. An attacker can obtain a webshell by executing a SQL statement and writing a one-sentence Trojan...
Open Source Wireless Security Framework: SniffAir
SniffAir is an open-source wireless security framework. SniffAir allows for the collection, management, and analysis of wireless traffic. In addition, SniffAir can also be used to perform sophisticated wireless attacks. SniffAir was born out of the hassle of managing large or multiple pcap...
The vulnerability of the ScheduleQuery method in the scheduling class of the ZENworks Configuration Management information system allows a perpetrator to execute arbitrary SQL commands.
The vulnerability of the ScheduleQuery method in the ZENworks Configuration Management software framework is caused by a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using unspecified vectors...
Design/Logic Flaw
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE...
[SECURITY] Fedora 24 Update: phpMyAdmin-4.6.4-2.fc24
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
ManageEngine Firewall Analyzer 8.5 SQL Injection
ManageEngine Firewall Analyzer 8.5 SQL Query Execution Vulnerability. Description: Vulnerability Type: ManageEngine Firewall Analyzer 8.5 SQL Query Execution...
CVE-2016-2386
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...
Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution
Summary: Mango Automation is a flexible SCADA, HMI and Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description: The application allows users ...
ManageEngine EventLog Analyzer 10.6 Build 10060 SQL Query Execution
Exploit Title: ManageEngine EventLog Analyzer SQL query execution; Product: ManageEngine EventLog Analyzer; Vulnerable Versions: v10.6 build 10060 and previous versions; Tested Version: v10.6 build 10060 Windows; Advisory Publication: 14/09/2015; Vulnerability Type: authenticated SQL query execution...
ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution
Exploit Title: ManageEngine EventLog Analyzer SQL query execution; Product: ManageEngine EventLog Analyzer; Vulnerable Versions: v10.6 build 10060 and previous versions; Tested Version: v10.6 build 10060 Windows; Advisory Publication:...
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution Vulnerability
Exploit for multiple platforms in the web applications category. Exploit Title: ManageEngine EventLog Analyzer SQL query execution; Product: ManageEngine EventLog Analyzer; Vulnerable Versions: v10.6 build 10060 and previous versions; Tested Version: v10.6 build 10060 Windows; Advisory Publication:...
ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability
ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability. EMC Identifier: ESA-2014-045; CVE Identifier: CVE-2014-2504; Severity: CVSSv2 Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C); Affected products: • EMC Documentum D2...
CVE-2014-2504
EMC Documentum D2 is affected by CVE-2014-2504 across multiple releases (3.1 before P20, 3.1SP1 before P02, 4.0 before P10, 4.1 before P13, 4.2 before P01). The issue stems from a flaw in the Documentum Query Language (DQL) engine that enables an authenticated remote user to bypass access restric...
SQL injection in the search box of a site template built with Ecmall - vulnerability warning - the black bar safety net
The site http://www.tuutao.com/index.php (soil Amoy network) is built with an Ecmall site template, and every site using this template should be affected. There is an injection in the search box; the injection point is: http://www.tuutao.com/index.php?app=store&act=search&id=4 5&keyword=aaa&minprice=1 0...
PT-2013-6299 · Esri · Esri Arcgis For Server
Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Server versions through 10.2. Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. This can be exploited by providing malicious input to the...