2846 matches found
SQL Injection Vulnerability in Remote DBMail Mail Server
DBMail is a database-enabled enterprise mail system developed by TeleSoft. A SQL injection vulnerability exists in Telezine DBMail Mail Server V5.0 updated 2016.07.08. The vulnerability is allowed to be exploited by an attacker to gain access to sensitive database information...
SQL Injection Vulnerability in Shanghai Yongcan CMS
Shanghai Yongcan CMS is a website building system for major enterprises, schools and social organizations. Shanghai Yongcan CMS suffers from SQL injection vulnerability, through which an attacker can obtain database information, resulting in the leakage of sensitive information...
SQL Injection Vulnerability in Magazine System
Magazine System is a newspaper and magazine software designed for colleges and universities. The product suffers from an SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...
Rexroth Bosch BLADEcontrol-WebVIS SQL Injection Vulnerability
Rexroth Bosch BLADEcontrol is a web-based HMI system. Rexroth Bosch BLADEcontrol has a SQL injection vulnerability in database operations that could lead to control of the database server or remote code execution...
SQL Injection Vulnerability in the LoginName Parameter of the Collaboration Office System of Shanghai CITIC Information Development Co.
CITIC Shanghai Information Development Co., Ltd. collaborative office system is a set of online office automation software A SQL injection vulnerability exists in the loginName parameter of the CITIC Information Development Co., Ltd. collaborative office system, which can be exploited by an...
SQL injection vulnerability in the coursewares.htm?recommend= parameter of the distance learning platform of Shenzhen Tengchuang Network Technology Co.
Tengchuang Internet Distance Education Platform is an online knowledge trading platform centered on real-time interactive online classroom, combining powerful functions such as courseware on-demand, course transaction, online payment, and online examination, etc. for students and teachers in...
SQL Injection Vulnerability in Communication Application Server username Parameter of Shenou Communication Equipment Co.
Shenou Communication Equipment Co., Ltd. is a national non-regional enterprise integrating R&D, production, sales and service. Communication Application Server SOC1000 model products are softswitch servers for IP networks, supporting voice, fax and video at the same time. Shenou Communication...
Apache Ranger SQL Injection Vulnerability
Apache Ranger is a set of architectures for implementing comprehensive security measures for Hadoop clusters, providing centralized security policy management for core enterprise security requirements such as authorization, billing and data protection. Apache Ranger suffers from a SQL injection...
SQL Injection Vulnerability in Remote Video Surveillance Management System of Hangzhou Hikvision Digital Technology Co.
Hangzhou Hikvision Digital Technology Co., Ltd Remote Video Surveillance Management System is a set of video surveillance software. The remote video surveillance management system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from...
biweb SQL Injection Vulnerability
BIWEB Business Intelligence Website System is a website system relying on ArthurXF enterprise application-level PHP development framework, developed and designed by the Shanghai NetWorks Network Information Co., Ltd. is a rapid development, simple and easy to use object-oriented enterprise...
Multiple Vulnerabilities in iScripts EasyCreate
iScripts EasyCreate is an online website builder that can be used on a server to provide website building services to clients and is fully customizable. iScripts EasyCreate suffers from SQL injection, cross-site scripting, and cross-site request forgery vulnerabilities that could be exploited by ...
Multiple Vulnerabilities in WordPress Booking Calendar Contact Form Plugin
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress Booking Calendar Contact Form plugin version prior to 1.0.23 suffers from a SQL injection, cross-site scripting...
Multiple Vulnerabilities in ManageEngine Firewall Analyzer
ManageEngine Firewall Analyzer is a web-based firewall log analysis tool from Zoho that collects, correlates, and reports on enterprise-wide logs from firewalls, proxy servers, and Radius servers. Elevation of privilege and SQL injection vulnerabilities exist in ManageEngine Firewall Analyzer,...
SQL Injection Vulnerability in Transmission Interactive Video Equipment at Clearstream (Beijing) Technology Co.
StreamOcean, Inc. is the world's leading high-technology company dedicated to delivering high-definition interactive video over the Internet, with its fully independent intellectual property rights in the StreamOcean Video Delivery Network SOVDN, which provides the infrastructure for full video...
weiphp /Application/Admin/Controller/PublicController.class.php Login SQL Injection Vulnerability
weiphp is an open source, efficient, simple microsoft development platform. The weiphp /Application/Admin/Controller/PublicController.class.php login is vulnerable to SQL injection. Allow attackers to exploit the vulnerability to obtain sensitive database information...
Cacti SQL Injection Vulnerability (CNVD-2016-02028)
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. The tool through snmpget to get the data , using RRDtool drawing graphs for analysis , and provide data and user management functions . A SQL injection vulnerability exists in Cacti 0.8.8g and prio...
CMS system of Yingkou Aisda Computer Information Network Co., Ltd. suffers from sql injection vulnerability
Yingkou Aisda Computer Information Network Co., Ltd CMS system is a content management system. The product suffers from a sql injection vulnerability, which can be exploited by an attacker to obtain sensitive database information...
SAP NetWeaver J2EE Engine UDDI Server SQL Injection Vulnerability
SAP NetWeaver J2EE Engine is the German SAP SAP company's a service-oriented integrated application platform J2EE engine. A SQL injection vulnerability exists in the UDDI server of SAP NetWeaver J2EE Engine version 7.40. A remote attacker could exploit this vulnerability to execute arbitrary SQL...
CVE-2016-2386
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...
CVE-2016-0881
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and obtain sensitive repository information by appending a query to a REST request...