12 matches found

ICS
added 2026/01/27 7:00 a.m. · 8 views

Johnson Controls Metasys Products

RISK EVALUATION Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

CVSS 9.5 · AI score 5.8 · EPSS 0.0144
Exploits: 0 · References: 11
BDU FSTEC
added 2025/05/21 12:00 a.m. · 3 views

The vulnerability of the RunSearch function of the SearchService service in the FactoryTalk AssetCentre software platform allows a perpetrator to execute arbitrary SQL commands.

The vulnerability of the RunSearch function in the SearchService service of the FactoryTalk AssetCentre software platform for centralized asset management involves a lack of measures to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to execute arbitrary SQL...

CVSS 10 · AI score 8.2 · EPSS 0.0532
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/02/28 12:00 a.m. · 4 views

The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS lies in the lack of measures to protect the SQL query structure. This allows attackers to execute arbitrary SQL queries against the server’s database.

The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the server’s...

CVSS 8.8 · AI score 8 · EPSS 0.00654
Exploits: 0 · References: 2
BDU FSTEC
added 2024/01/17 12:00 a.m. · 3 views

The vulnerability of the /admin/ file of the Admin Login component of the Engineers Online Portal allows a malicious user to execute arbitrary SQL queries.

The vulnerability of the /admin/ file of the Admin Login component of the Engineers Online Portal is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 10 · AI score 7.6 · EPSS 0.00602
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2023/11/17 12:00 a.m. · 5 views

The vulnerability of the General/vehicle/checkup/delete.php component of the Tongda OA automation tool allows a hacker to execute arbitrary SQL code.

The vulnerability of the General/vehicle/checkup/delete.php component of the Tongda OA automation tool for business processes is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

CVSS 6.3 · AI score 7.2 · EPSS 0.00873
Exploits: 1 · References: 3 · Affected Software: 1
BDU FSTEC
added 2022/08/29 12:00 a.m. · 2 views

The vulnerability of the /student/bookdetails.php component of the Library Management System allows a malicious user to execute arbitrary SQL queries.

The vulnerability of the /student/bookdetails.php component of the Library Management System relates to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 7.5 · AI score 8.1 · EPSS 0.00859
Exploits: 1 · References: 2 · Affected Software: 1
BDU FSTEC
added 2021/03/11 12:00 a.m. · 2 views

The vulnerabilities of the “/submit.php” and “/infusions/downloads/downloads.php” components of the PHP-Fusion CMS system allow attackers to execute arbitrary SQL queries.

The vulnerability of the “/submit.php” and “/infusions/downloads/downloads.php” components of the PHP-Fusion CMS system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

CVSS 9 · AI score 8 · EPSS 0.01699
Exploits: 1 · References: 8 · Affected Software: 1
BDU FSTEC
added 2019/10/09 12:00 a.m. · 2 views

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 9 · AI score 5.9 · EPSS 0.02965
Exploits: 0 · References: 2 · Affected Software: 1
CNVD
added 2018/11/26 12:00 a.m. · 2 views

Interspire Email Marketer SQL Injection Vulnerability (CNVD-2018-26787)

BigCommerce Interspire Email Marketer (IEM) is a suite of email marketing software from BigCommerce, USA. A SQL injection vulnerability exists in the 'delete tags' function of the Dynamiccontenttags.php file in BigCommerce IEM 6.1.6 and earlier versions. A remote attacker can exploit this...

CVSS 8.8 · AI score 9.1 · EPSS 0.00984
Exploits: 0 · References: 1
OSV
added 2016/02/16 3:59 p.m. · 3 views

CVE-2016-2386

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...

CVSS 9.8 · AI score 6.1 · EPSS 0.7106
Exploits: 8 · References: 8
Positive Technologies
added 2013/12/30 12:00 a.m. · 3 views

PT-2013-6299 · Esri · Esri Arcgis For Server

Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Server versions through 10.2 Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. This can be exploited by providing malicious input to the...

CVSS 7.5 · AI score 8.9 · EPSS 0.02044
Exploits: 1 · References: 3
Positive Technologies
added 2005/12/03 12:00 a.m. · 3 views

PT-2005-4706 · Php · Phpx

Name of the Vulnerable Software and Affected Versions: PHPX versions 3.5.9 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter. This can be exploited by sending malicious inpu...

CVSS 7.5 · AI score 8.3 · EPSS 0.0202
Exploits: 1 · References: 11