8196 matches found
WordPress Social Slider Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases.Social Slider is a social sharing button display plugin. Social Slider plugin suffers from a SQL injection vulnerability that allows remo...
HumHub SQL Injection Vulnerability
HumHub is a flexible, open source social networking system developed in PHP. HumHub 0.10.0-rc.1 and earlier versions suffer from a SQL injection vulnerability that allows remote authenticated users to execute arbitrary SQL commands...
PMB SQL Injection Vulnerability
PMB is a WEB-based application. The PMB catalog.php script fails to properly filter the id parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
Osclass 'alert' Parameter SQL Injection Vulnerability
OSClass is a PHP MySQL based development , used to create and manage classified ads website open source system . The Osclass 'alert' parameter suffers from a SQL injection vulnerability because it fails to adequately filter user-supplied data before using it in a SQL query. Allows an attacker to...
mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC...
CVE-2014-2081
Multiple SQL injection vulnerabilities in the login in webreports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter...
UBUNTU-CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...
rubygem-activerecord: SQL injection vulnerability in 'range' quoting
It was discovered that Active Record did not properly quote values of the range type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record...
Yahoo!: Read arbitrary XML files on YQL backend servers via XSLT document()
The YQL Yahoo! Query Language service had an arbitrary XSLT document execution vulnerability. The YQL service allowed users to execute arbitrary XSLT stylesheets under the Apache Xalan-J XSLTC processor via the xslt table. Although the JAXP secure mode feature was activated to prevent code...
[SECURITY] Fedora 19 Update: php-doctrine-orm-2.4.2-2.fc19
Object relational mapper ORM for PHP that sits on top of a powerful datab ase abstraction layer DBAL. One of its' key features is the option to write database queries in a proprietary object oriented SQL dialect called Doctri ne Query Language DQL, inspired by Hibernate's HQL. This provides...
EMC Documentum D2 Privilege Escalation (ESA-2014-045)
The remote host is running EMC Documentum D2. It is, therefore, affected by a privilege escalation vulnerability due to a flaw in the Documentum Query Language DQL engine. A remote, authenticated attacker can exploit this vulnerability to execute arbitrary DQL queries with superuser privileges. C...
CVE-2014-2504
EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language DQL queries by calling 1 a core method or 2 a D2FS web-service method...
UBUNTU-CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...
DEBIAN-CVE-2014-2708
Multiple SQL injection vulnerabilities in graphxport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the 1 graphstart, 2 graphend, 3 graphheight, 4 graphwidth, 5 graphnolegend, 6 printsource, 7 localgraphid, or 8 rraid parameter...
UBUNTU-CVE-2014-2708
Multiple SQL injection vulnerabilities in graphxport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the 1 graphstart, 2 graphend, 3 graphheight, 4 graphwidth, 5 graphnolegend, 6 printsource, 7 localgraphid, or 8 rraid parameter...
DEBIAN-CVE-2014-2323
SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...
PT-2014-2876
Name of the Vulnerable Software and Affected Versions Digital Signage Xibo version 1.4.2 Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the displayid parameter in the "index.php" file. Recommendations For Digital Signage Xibo...
How do I get my data out of Nexpose? Answer: SQL Query Export
Do any of these these questions sound familiar? "Printable reports are really valuable and I use them on a daily basis. However, is there a section that I can add to show a summary by asset group or site?" "I really like the XML format, but its a little hard to process and I have to write code to...
cumin: filtering table operator not checked, leads to potential SQLi
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
DEBIAN-CVE-2013-6172
steps/utils/savepref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code...