5711 matches found
ZZCMS SQL injection vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS is vulnerable to SQL injection through the id parameter in admin/bad.php, which lacks validation of externally supplied input to SQL statements. An attacker can use the vulnerability to execute illegal SQL...
A vulnerability in ArcGIS Server, related to the lack of measures taken to protect the SQL query structure, allows attackers to execute arbitrary SQL queries.
The vulnerability in ArcGIS Server is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2021-41063
A SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow unauthenticated attackers to execute arbitrary commands...
Fortinet FortiWLM SQL injection vulnerability
Fortinet FortiWLM is a wireless manager from Fortinet, Inc. An SQL injection vulnerability exists in Fortinet FortiWLM versions 8.6.1 and below, which can be exploited by attackers to contaminate database data and extract sensitive information via crafted HTTP requests to be sent to alarms and...
A vulnerability in the surname_filter parameter of the user_list.php script in the Advantech R-SeeNet monitoring software allows a hacker to disclose protected information.
The vulnerability in the surname_filter parameter of the user_list.php script in the Advantech R-SeeNet monitoring software relates to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially...
Piwigo SQL injection vulnerability
Piwigo is a set of Web-based open source image library software. Piwigo v11.5 contains a security vulnerability in /admin/batchmanagerglobal.php in which the parameter pwgtoken is not sufficiently escaped and filtered. No details of the vulnerability are available at this time...
Dell EMC Streaming Data Platform SQL injection vulnerability
Dell EMC Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in Dell EMC Streaming Data Platform, which arises from a database-based application that lacks validation of externally entered SQL...
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
...
A vulnerability in the ePolicy Orchestrator extension of the McAfee Data Loss Prevention software allows a perpetrator to execute arbitrary SQL code.
The vulnerability in the ePolicy Orchestrator extension of the McAfee Data Loss Prevention software lies in the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
A vulnerability in the online shopping system online-shopping-system-advanced, related to the failure to implement measures to neutralize specific elements, allows a hacker to execute arbitrary SQL code.
The vulnerability in the online-shopping-system-advanced system is related to the failure to eliminate certain special elements during the processing of the /homeaction.php catid parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code using a specially...
Advantech R-SeeNet SQL injection vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers...
PgBouncer trust management issue vulnerability
PgBouncer is an open source lightweight connection pool for PostgreSQL from the PgBouncer community. A trust management vulnerability exists in PgBouncer. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker...
Advantech R-SeeNet SQL injection vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...
Advantech R-SeeNet SQL injection vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanup of...
Advantech R-SeeNet SQL injection vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers...
Advantech R-SeeNet SQL injection vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...
Advantech R-SeeNet SQL injection vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanin...
Advantech R-SeeNet SQL injection vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...
CVE-2021-40129
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker...
Cisco Common Services Platform Collector SQL injection vulnerability
Cisco Common Services Platform Collector (CSPC) is an SNMP-based tool that discovers and collects information from Cisco devices installed on the network. The configuration dashboard of Cisco Common Services Platform Collector prior to version 2.9.1.1 is vulnerable to SQL injection, which can be...