Lucene search
+L

2846 matches found

CNVD
CNVD
added 2016/07/18 12:0 a.m.3 views

SQL Injection Vulnerability in Remote DBMail Mail Server

DBMail is a database-enabled enterprise mail system developed by TeleSoft. A SQL injection vulnerability exists in Telezine DBMail Mail Server V5.0 updated 2016.07.08. The vulnerability is allowed to be exploited by an attacker to gain access to sensitive database information...

8.1AI score
Exploits0References1
CNVD
CNVD
added 2016/07/13 12:0 a.m.2 views

SQL Injection Vulnerability in Shanghai Yongcan CMS

Shanghai Yongcan CMS is a website building system for major enterprises, schools and social organizations. Shanghai Yongcan CMS suffers from SQL injection vulnerability, through which an attacker can obtain database information, resulting in the leakage of sensitive information...

7.9AI score
Exploits0
CNVD
CNVD
added 2016/07/11 12:0 a.m.3 views

SQL Injection Vulnerability in Magazine System

Magazine System is a newspaper and magazine software designed for colleges and universities. The product suffers from an SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...

7.6AI score
Exploits0References1
CNVD
CNVD
added 2016/07/06 12:0 a.m.12 views

Rexroth Bosch BLADEcontrol-WebVIS SQL Injection Vulnerability

Rexroth Bosch BLADEcontrol is a web-based HMI system. Rexroth Bosch BLADEcontrol has a SQL injection vulnerability in database operations that could lead to control of the database server or remote code execution...

6.4CVSS8.9AI score0.00878EPSS
Exploits0References1
CNVD
CNVD
added 2016/06/14 12:0 a.m.3 views

SQL Injection Vulnerability in the LoginName Parameter of the Collaboration Office System of Shanghai CITIC Information Development Co.

CITIC Shanghai Information Development Co., Ltd. collaborative office system is a set of online office automation software A SQL injection vulnerability exists in the loginName parameter of the CITIC Information Development Co., Ltd. collaborative office system, which can be exploited by an...

7.6AI score
Exploits0References1
CNVD
CNVD
added 2016/06/12 12:0 a.m.3 views

SQL injection vulnerability in the coursewares.htm?recommend= parameter of the distance learning platform of Shenzhen Tengchuang Network Technology Co.

Tengchuang Internet Distance Education Platform is an online knowledge trading platform centered on real-time interactive online classroom, combining powerful functions such as courseware on-demand, course transaction, online payment, and online examination, etc. for students and teachers in...

7.8AI score
Exploits0References1
CNVD
CNVD
added 2016/06/12 12:0 a.m.3 views

SQL Injection Vulnerability in Communication Application Server username Parameter of Shenou Communication Equipment Co.

Shenou Communication Equipment Co., Ltd. is a national non-regional enterprise integrating R&D, production, sales and service. Communication Application Server SOC1000 model products are softswitch servers for IP networks, supporting voice, fax and video at the same time. Shenou Communication...

7.9AI score
Exploits0References1
CNVD
CNVD
added 2016/06/05 12:0 a.m.5 views

Apache Ranger SQL Injection Vulnerability

Apache Ranger is a set of architectures for implementing comprehensive security measures for Hadoop clusters, providing centralized security policy management for core enterprise security requirements such as authorization, billing and data protection. Apache Ranger suffers from a SQL injection...

7.2CVSS8AI score0.01884EPSS
Exploits1References1
CNVD
CNVD
added 2016/05/27 12:0 a.m.4 views

SQL Injection Vulnerability in Remote Video Surveillance Management System of Hangzhou Hikvision Digital Technology Co.

Hangzhou Hikvision Digital Technology Co., Ltd Remote Video Surveillance Management System is a set of video surveillance software. The remote video surveillance management system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from...

7.6AI score
Exploits0References1
CNVD
CNVD
added 2016/04/19 12:0 a.m.4 views

biweb SQL Injection Vulnerability

BIWEB Business Intelligence Website System is a website system relying on ArthurXF enterprise application-level PHP development framework, developed and designed by the Shanghai NetWorks Network Information Co., Ltd. is a rapid development, simple and easy to use object-oriented enterprise...

7.6AI score
Exploits0
CNVD
CNVD
added 2016/04/19 12:0 a.m.2 views

Multiple Vulnerabilities in iScripts EasyCreate

iScripts EasyCreate is an online website builder that can be used on a server to provide website building services to clients and is fully customizable. iScripts EasyCreate suffers from SQL injection, cross-site scripting, and cross-site request forgery vulnerabilities that could be exploited by ...

7.2AI score
Exploits0References1
CNVD
CNVD
added 2016/04/18 12:0 a.m.4 views

Multiple Vulnerabilities in WordPress Booking Calendar Contact Form Plugin

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress Booking Calendar Contact Form plugin version prior to 1.0.23 suffers from a SQL injection, cross-site scripting...

7.2AI score
Exploits0References1
CNVD
CNVD
added 2016/04/16 12:0 a.m.6 views

Multiple Vulnerabilities in ManageEngine Firewall Analyzer

ManageEngine Firewall Analyzer is a web-based firewall log analysis tool from Zoho that collects, correlates, and reports on enterprise-wide logs from firewalls, proxy servers, and Radius servers. Elevation of privilege and SQL injection vulnerabilities exist in ManageEngine Firewall Analyzer,...

8.4AI score
Exploits0References1
CNVD
CNVD
added 2016/04/14 12:0 a.m.3 views

SQL Injection Vulnerability in Transmission Interactive Video Equipment at Clearstream (Beijing) Technology Co.

StreamOcean, Inc. is the world's leading high-technology company dedicated to delivering high-definition interactive video over the Internet, with its fully independent intellectual property rights in the StreamOcean Video Delivery Network SOVDN, which provides the infrastructure for full video...

8.1AI score
Exploits0References1
CNVD
CNVD
added 2016/04/08 12:0 a.m.4 views

weiphp /Application/Admin/Controller/PublicController.class.php Login SQL Injection Vulnerability

weiphp is an open source, efficient, simple microsoft development platform. The weiphp /Application/Admin/Controller/PublicController.class.php login is vulnerable to SQL injection. Allow attackers to exploit the vulnerability to obtain sensitive database information...

7.5AI score
Exploits0References1
CNVD
CNVD
added 2016/04/06 12:0 a.m.3 views

Cacti SQL Injection Vulnerability (CNVD-2016-02028)

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. The tool through snmpget to get the data , using RRDtool drawing graphs for analysis , and provide data and user management functions . A SQL injection vulnerability exists in Cacti 0.8.8g and prio...

8.8CVSS8.5AI score0.02256EPSS
Exploits2References1
CNVD
CNVD
added 2016/03/28 12:0 a.m.3 views

CMS system of Yingkou Aisda Computer Information Network Co., Ltd. suffers from sql injection vulnerability

Yingkou Aisda Computer Information Network Co., Ltd CMS system is a content management system. The product suffers from a sql injection vulnerability, which can be exploited by an attacker to obtain sensitive database information...

7.2AI score
Exploits0References1
CNVD
CNVD
added 2016/02/18 12:0 a.m.7 views

SAP NetWeaver J2EE Engine UDDI Server SQL Injection Vulnerability

SAP NetWeaver J2EE Engine is the German SAP SAP company's a service-oriented integrated application platform J2EE engine. A SQL injection vulnerability exists in the UDDI server of SAP NetWeaver J2EE Engine version 7.40. A remote attacker could exploit this vulnerability to execute arbitrary SQL...

9.8CVSS8.3AI score0.7106EPSS
Exploits8References1
OSV
OSV
added 2016/02/16 3:59 p.m.5 views

CVE-2016-2386

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...

9.8CVSS6.1AI score0.7106EPSS
Exploits8References8
OSV
OSV
added 2016/02/12 1:59 a.m.6 views

CVE-2016-0881

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and obtain sensitive repository information by appending a query to a REST request...

6.5CVSS5.8AI score0.01708EPSS
Exploits0References2
Rows per page
Query Builder