5701 matches found
The vulnerability of the Cisco Unified Communications Manager system allows a perpetrator to circumvent access control rules.
The vulnerability of the Cisco Unified Communications Manager web interface relates to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass access controls by making arbitrary queries to the SQL database...
Castle Rock Computing SNMPc SQL Injection Vulnerability
Castle Rock Computing SNMPc Network Manager is distributed network management system software that monitors all activity on a network. A SQL injection vulnerability exists in versions of Castle Rock Computing SNMPc prior to 2015-12-17. A remote attacker can exploit the vulnerability to extract da...
Sweepstakes Pro Software SQL Injection Vulnerability
Sweepstakes Pro Software is a suite of sweepstakes software to increase email lists, increase social networking, and drive sales by running sweepstakes software in conjunction with sweepstakes. A SQL injection vulnerability exists in the s parameter in both win.php and widgetlb.php in Sweepstakes...
GLink Word Link Script SQL Injection Vulnerability
GPix is a free and powerful text link script based on link ads that runs on PHP/MySQL web servers. A SQL injection vulnerability exists in GLink Word Link Script, which is caused by a failure to effectively filter user-submitted data. An attacker can exploit the vulnerability to obtain sensitive...
WordPress Spider Event Calendar Plugin SQL Injection Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Spider Event Calendar plugin version 1.5.51, which can be exploited by...
phplist SQL injection vulnerability (CNVD-2017-04334)
phplist is an application written in PHP for news management. A SQL injection vulnerability exists in phplist, which can be exploited by attackers to access or modify database data...
Joomla! OpenCart Component SQL Injection Vulnerability
Joomla! is a content management system which is quite famous in foreign countries.OpenCart is a system component for product management in Joomla! A SQL injection vulnerability exists in the productid parameter of the Joomla! OpenCart index.php page, which can be exploited by attackers to access ...
WordPress Mail Masta plugin SQL injection vulnerability (CNVD-2017-02634)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Mail Masta aka mail-masta is one of the email plug-ins. WordPress Mail Masta plugin version 1.0 in...
CVE-2016-8940
IBM Tivoli Storage Manager IBM Spectrum Protect 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these...
CVE-2016-9992
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1992067...
Joomla com_sgpprojects Component SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla comsgpprojects component. An attacker can exploit the vulnerability to access or modify database data...
Joomla com_wisroyq component 'Pid' parameter SQL injection vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the 'Pid' parameter of the Joomla comwisroyq component. An attacker can exploit the vulnerability to access or modify database data...
CVE-2016-8998
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference : 1998747...
Joomla djcatalog2 Component SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla djcatalog2 component. An attacker can exploit the vulnerability to access or modify database data...
SQL Injection Vulnerability in Ocean CMS tid Parameter
Ocean CMS is an open source website builder. An SQL injection vulnerability exists in the admintopicvod.php page of Ocean CMS 6.46 utf-8 official. The lack of filtering of the 'tid' parameter allows an attacker to exploit the vulnerability to obtain sensitive information about the database...
SQL command execution vulnerability in the sysId parameter of Wyspeed V2 video conferencing system
Vizz V2 Video Conferencing System is a video conferencing system. A SQL command execution vulnerability exists in the sysId parameter of the Vizz V2 video conferencing system. It allows an attacker to remotely write a shell and gain server privileges...
Joomla Hbooking Component SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla Hbooking component. An attacker can exploit the vulnerability to access or modify database data...
Joomla JE Form Creator Component SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla JE Form Creator component, which can be exploited by attackers to access or modify database data...
Joomla JE auction component SQL injection vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla JE auction component. An attacker can exploit the vulnerability to access or modify database data...
CVE-2016-8355
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and...