DELL Dell EMC Avamar Server SQL Injection Vulnerability
Dell EMC Avamar Server is a suite of fully virtualized backup and recovery software for servers from Dell USA. A SQL injection vulnerability exists in Dell EMC Avamar Server 19.1, 19.2, 19.3, which could be exploited by an unauthenticated, remote attacker to cause certain SQL commands to be...
Combodo iTop SQL Injection Vulnerability
Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A SQL injection vulnerability exists in Combodo iTop versio...
DEBIAN-CVE-2020-35701
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in datadebug.php allows remote authenticated attackers to execute arbitrary SQL commands via the siteid parameter. This can lead to remote code execution...
Invision Community SQL Injection Vulnerability
Invision Community is a software for designing and developing UI for mobile applications by Invision USA. An SQL injection vulnerability exists in IPS Community Suite versions 4.5.4, which originates from the Downloads REST API...
ISPConfig SQL Injection Vulnerability
ISPConfig is an open source web hosting management program for Linux with a Web control panel. You can use the Web control panel to manage web hosting, open a website, open a mailbox, open and manage MySQL databases, support for DNS resolution and monitor the server's operating conditions an...
Blizmax Flamingoim SQL Injection Vulnerability
Blizmax Flamingoim is a high-performance, lightweight, open source instant messaging software from the individual developers of Blizmax. A SQL injection vulnerability exists in Blizmax Flamingoim version 2020-09-29 and earlier versions, which stems from UserManager::addUser...
Egavilan Media Under Construction Page With Cpanel SQL Injection Vulnerability
Egavilan Media Under Construction Page With Cpanel is a software used to show websites under construction organized by Egavilan Media in the United States. An SQL injection vulnerability exists in Egavilan Media Under Construction Page With Cpanel, which can be exploited by an attacker to gain acce...
The vulnerability of the Django library for the Python programming language, allowing attackers to execute arbitrary code
The vulnerability of the Django library for the Python programming language is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
UBUNTU-CVE-2020-35545
Time-based SQL injection exists in Spotweb 1.4.9 via the query string...
hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...
Sophos Cyberoam OS SQL Injection Vulnerability
Sophos Cyberoam OS is an operating system for Cyberoam devices from Sophos, USA. A SQL injection vulnerability exists in Sophos Cyberoam OS version 2020-12-04, which stems from a SQL injection vulnerability in WebAdmin that can be exploited by an attacker to remotely execute arbitrary SQL...
Craigrodway Classroombookings SQL Injection Vulnerability
Craigrodway Classroombookings is a PHP- and MySQL-based school room booking system by the individual developer Craigrodway. A SQL injection vulnerability exists in Craigrodway Classroombookings versions prior to 2.4.1, which originates from injecting SQL via the username field of a CSV file when adding a...
PT-2020-17197 · Cyberoam · Cyberoamos
Name of the Vulnerable Software and Affected Versions: Cyberoam OS versions prior to 2020-12-04 Description: An SQL injection vulnerability in the WebAdmin of Cyberoam OS allows unauthenticated attackers to execute arbitrary SQL statements remotely. Recommendations: For versions prior to...
SQL Injection Vulnerability in FOCUS Cloud Platform
Shandong Yili Information Technology Co., Ltd. business scope includes: computer hardware and software and auxiliary equipment development, sales, technical consulting, technical services and so on. FOCUS Cloud Platform has a SQL injection vulnerability that can be exploited by attackers to obtai...
SQL Injection Vulnerability in Website Building System of Yuanqi Technology (Beijing) Co., Ltd.
Yuanqi Technology (Beijing) Co., Ltd. was founded in May 2014 and is committed to becoming a "private cloud-based service provider of a new generation of enterprise information management system". A SQL injection vulnerability exists in the website building system of Yuanqi Technology (Beijing) Co., Ltd., which can be exploited by...
BloodX SQL Injection Vulnerability
Diveshlunker Bloodx is a PHP-based website builder for blood bank management by the individual developer Diveshlunker. BloodX version 1.0 suffers from a SQL injection vulnerability that can be exploited by attackers to bypass authentication...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
Online Doctor Appointment Booking System SQL Injection Vulnerability
Online Doctor Appointment Booking System is a web-based online appointment booking system from PHP Scripts Mall, India. Online Doctor Appointment Booking System suffers from a SQL injection vulnerability that originates from a SQL injection vulnerability in the getuser.php...
SQL Injection Vulnerability in Enping Wanshang Web Design Studio's Website Building System
Enping Wanshang Web Design Studio was founded in September 2016, and its business scope includes web design and website construction. There is a SQL injection vulnerability in the website building system of Wanshang Web Design Studio in Enping City, which can be exploited by attackers to obtain...
Vulnerability of the Server component: The X Plugin of the MySQL Server database management system, which allows attackers to cause service interruptions.
The vulnerability of the MySQL Server component involves insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...