Schneider Electric U.motion Builder SOAP Remote Code Execution Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder SOAP. The system allows SOAP requests to execute arbitrary SQL commands. An attacker could exploit the vulnerability to execute arbitrary...

Schneider Electric U.motion Builder track_import_export remote code execution vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder trackimportexport. When the export operation is selected in an applet call, the underlying SQLite database query requires SQL injection of the...

Openbravo Business Suite SQL Injection Vulnerability

Openbravo Business Suite is a management and business process optimization solution from Openbravo Spain. A SQL injection vulnerability exists in Openbravo Business Suite version 3.0. A remote attacker can exploit this vulnerability to inject arbitrary SQL code...

WordPress Multi Feed Reader Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on PHP and MySQL servers.Multi Feed Reader is one of the components used to create RSS feed templates. A SQL injection vulnerability exists in Mult...

Flash cms /wap has multiple SQL Injection Vulnerabilities

Flash Flash cms is a flash website system developed by Zibo Flash Network Technology Co. Flash cms has a SQL injection vulnerability. The vulnerability stems from the program's failure to filter user-submitted data, which can be exploited by attackers to obtain sensitive database information...

INFOR EAM SQL Injection Vulnerability

Infor EAM is the best configurable enterprise-class asset management solution on the market. Improve capital asset management by increasing reliability, enhancing predictive maintenance, ensuring regulatory compliance, reducing energy consumption, and supporting sustainability programs. An SQL...

finecms has a csrf vulnerability

FineCMS is a content management system based on PHP+MySql. A CSRF vulnerability exists in the finecms backend form for executing SQL, which can be exploited by attackers to trick administrators into clicking on a malicious link to execute SQL statements and write a webshell to gain server...

Apple macOS Sierra SQLite SQL Query Memory Corruption Vulnerability

Apple macOS is a set of operating systems that run on Apple's Macintosh line of computers. A memory corruption vulnerability exists in the Apple macOS Sierra SQLite SQL query, which can be exploited by a remote attacker to submit a special WEB page and trick the user into parsing it to execute...

Apple macOS Sierra SQLite SQL Query Arbitrary Code Execution Vulnerability

Apple macOS is an operating system that runs on Apple's Macintosh line of computers. An arbitrary code execution vulnerability exists in the Apple macOS Sierra SQLite SQL query, which can be exploited by a remote attacker to submit a special SQL query and execute arbitrary code...

UBUNTU-CVE-2017-2519

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial o...

SQL Injection Vulnerability in WinCMS id Parameter of Enterprise Business Technology

WinCMS is a website management system managed and developed by Tianjin Qishang Huichuang Technology Co. A SQL injection vulnerability exists in the WinCMS id parameter. The vulnerability allows attackers to exploit the vulnerability to obtain sensitive information in the database...

SQL Injection Vulnerability in 'menu_id' Parameter of Pioneer Hi-Tech Government System

Pioneer Hi-Tech Government System is an "easy technology" system. A SQL injection vulnerability exists in the 'menuid' parameter of the Pilot Hi-Tech Government System. This vulnerability can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in EasySite WebService Interface

easySite Content Management System is a professional portal content management system developed and completed by ZKHUILIAN. EasySite WebService interface SQL injection vulnerability, the vulnerability stems from the WebService WSDL interface fails to submit sufficient data filtering caused by an...

flatCore SQL Injection Vulnerability

flatCore is a web content management system based on PHP5 and SQLite3. A SQL injection vulnerability exists in flatCore, which allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...

Accellion FTA Device SQL Injection Vulnerability (CNVD-2017-07454)

Accellion FTA devices is a file transfer device from Accellion USA. The device supports file transfer, file sharing, file transfer tracking and reporting, and more. A SQL injection vulnerability exists in the reporterror.php file in versions of Accellion FTA devices prior to FTA912180. A remote...

SQL Injection Vulnerability in Zendo 9.1.2 zentao\lib\base\dao\dao.class.php Page

Zendo is an open source project management software. Zendo project management software version 9.1.2 zentao\lib\base\dao\dao.class.php page SQL injection vulnerability. The orderBy function fails to filter the data submitted by the user, allowing an attacker to exploit the vulnerability to obtain...

MODX Revolution SQL Injection Vulnerability

MODx is an open source PHP application framework that helps users control their online content. A SQL injection vulnerability exists in MODX Revolution versions 2.0.1-pl through 2.5.6-pl. An attacker can exploit the vulnerability to inject or manipulate SQL queries in the back-end database,...

SQL Injection Vulnerability in CUID Parameter of Hikvision's In-vehicle Remote Monitoring System AddUser.php File

Hikvision vehicle remote monitoring system is a set of vehicle video networking monitoring platform software. A SQL injection vulnerability exists in the parameter CUID of the AddUser.php file in Hikvision Vehicle Remote Monitoring System. It allows attackers to exploit the vulnerability to obtai...

S-CMS /member/member_wuliu.asp page O_id parameter has SQL injection vulnerability

S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. A SQL injection vulnerability exists in the S-CMS /member/memberwuliu.asp page. Due to insufficient filtering of user input, the program allows attackers to exploit the vulnerability to obtain sensitive...

SQL Injection Vulnerability in Netsun CMS typeid Parameter

Netsun CMS is a website management system managed and developed by Zhejiang Netsun Business Treasure Co. Netsun CMS suffers from a SQL injection vulnerability. The lack of filtering of the 'typeid' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information...