649 matches found
CVE-2018-8824
modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter...
CVE-2018-7734
Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request...
Code injection
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter...
CVE-2017-16540
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter...
Article Directory Script SQL Injection Vulnerability
Article Directory Script is a script for creating article directories in websites. A SQL injection vulnerability exists in Article Directory Script version 3.0. A remote attacker can exploit this vulnerability by sending the 'id' parameter to the author.php or category.php file to inject SQL...
MySQL 5.7.x < 5.7.20 Multiple Vulnerabilities (October 2017 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.20. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has no...
FileRun Remote SQL Injection Vulnerability
FileRun File Manager gives you access to your files anytime, anywhere with self-hosted secure cloud storage, file backups and sharing of photos, videos, documents and more. FileRun suffers from a remote SQL injection vulnerability that originates from the program's failure to validate the metafie...
CVE-2016-7792
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it...
Lokomedia CMS Remote SQL Injection Vulnerability
Lokomedia CMS is a content management system. Lokomedia CMS suffers from a remote SQL injection vulnerability. An attacker could use this vulnerability to take control of the application, access or modify data, or exploit potential vulnerabilities in the underlying database...
Pgbouncer 1.6 Invalid User Authentication Bypass
The version of Pgbouncer running on the remote host is affected by an authentication bypass vulnerability due to a flaw in the start_auth_request function within file client.c when handling requests for invalid users. A remote attacker can exploit this issue to bypass authentication and log into...
MySQL Server Login Possible
Nessus was able to log into the remote MySQL server using the supplied credentials.
Zend Framework PDO Adapter Arbitrary Command Execution Vulnerability
Zend Framework (ZF) is an open source PHP5 development framework for developing web applications and services. In versions prior to Zend Framework 1.12.16, the PDO adapter does not filter null characters within SQL statements, which allows remote attackers to execute arbitrary SQL commands via a...
ICZ MATCHA INVOICE SQL Injection Vulnerability
ICZ MATCHA INVOICE is a Web-based billing management software from ICZ Japan. A SQL injection vulnerability exists in ICZ MATCHA INVOICE 2.5.6 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
Milw0rm Clone Script SQL Injection Vulnerability
Milw0rm is a hacking and defense interest group that provides security services such as vulnerability mining, security information, hacking and defense, security tools and other security services for IT technicians. Milw0rm Clone Script is a script for sharing and managing the Milw0rm website's...
AlienVault OSSIM Plugin ID SQL Injection Vulnerability
AlienVault OSSIM, or Open Source Security Information Management, is a popular open source security management system. Its handling of the NBE Plugin ID has a SQL injection vulnerability that remote attackers can exploit by submitting specially crafted SQL queries to...
Wordpress bulletproof-security <=.51 multiple vulnerabilities
Vulnerability title: Wordpress bulletproof-security <=.51 multiple vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749 Vendor: AITpro Product: bulletproof-security Affected version: bulletproof-security <= .51 Vulnerabilities fixed in version: .51.1 Details: xss...
WordPress Bulletproof-Security .51 Multiple Vulnerabilities
WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities. Vulnerability title: Wordpress bulletproof-security <=.51 multiple vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749 Vendor: AITpro...
WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF
Vulnerability title: Wordpress bulletproof-security <=.51 multiple vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749 Vendor: AITpro Product: bulletproof-security Affected version: bulletproof-security <= .51 Vulnerabilities fixed in version: .51.1 Details: xss...
Multi Manage DbVisualizer Query
DbVisualizer offers command-line functionality to execute SQL against databases pre-configured with the GUI. The remote database can be accessed from the command line without the need to authenticate, and this module abuses this functionality to run queries and store the results. Please note: backslash quot...
Multi Manage DbVisualizer Add Db Admin
DbVisualizer offers command-line functionality to execute SQL against databases pre-configured with the GUI. The remote database can be accessed from the command line without the need to authenticate, which can be abused to create an administrator in the database with the proper database permissions. Note:...