UBUNTU-CVE-2017-2519

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial o...

SQL Injection Vulnerability in WinCMS id Parameter of Enterprise Business Technology

WinCMS is a website management system managed and developed by Tianjin Qishang Huichuang Technology Co. A SQL injection vulnerability exists in the WinCMS id parameter. The vulnerability allows attackers to exploit the vulnerability to obtain sensitive information in the database...

SQL Injection Vulnerability in 'menu_id' Parameter of Pioneer Hi-Tech Government System

Pioneer Hi-Tech Government System is an "easy technology" system. A SQL injection vulnerability exists in the 'menuid' parameter of the Pilot Hi-Tech Government System. This vulnerability can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in EasySite WebService Interface

easySite Content Management System is a professional portal content management system developed and completed by ZKHUILIAN. EasySite WebService interface SQL injection vulnerability, the vulnerability stems from the WebService WSDL interface fails to submit sufficient data filtering caused by an...

Accellion FTA Device SQL Injection Vulnerability (CNVD-2017-07454)

Accellion FTA devices is a file transfer device from Accellion USA. The device supports file transfer, file sharing, file transfer tracking and reporting, and more. A SQL injection vulnerability exists in the reporterror.php file in versions of Accellion FTA devices prior to FTA912180. A remote...

flatCore SQL Injection Vulnerability

flatCore is a web content management system based on PHP5 and SQLite3. A SQL injection vulnerability exists in flatCore, which allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...

SQL Injection Vulnerability in Zendo 9.1.2 zentao\lib\base\dao\dao.class.php Page

Zendo is an open source project management software. Zendo project management software version 9.1.2 zentao\lib\base\dao\dao.class.php page SQL injection vulnerability. The orderBy function fails to filter the data submitted by the user, allowing an attacker to exploit the vulnerability to obtain...

MODX Revolution SQL Injection Vulnerability

MODx is an open source PHP application framework that helps users control their online content. A SQL injection vulnerability exists in MODX Revolution versions 2.0.1-pl through 2.5.6-pl. An attacker can exploit the vulnerability to inject or manipulate SQL queries in the back-end database,...

SQL Injection Vulnerability in CUID Parameter of Hikvision's In-vehicle Remote Monitoring System AddUser.php File

Hikvision vehicle remote monitoring system is a set of vehicle video networking monitoring platform software. A SQL injection vulnerability exists in the parameter CUID of the AddUser.php file in Hikvision Vehicle Remote Monitoring System. It allows attackers to exploit the vulnerability to obtai...

S-CMS /member/member_wuliu.asp page O_id parameter has SQL injection vulnerability

S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. A SQL injection vulnerability exists in the S-CMS /member/memberwuliu.asp page. Due to insufficient filtering of user input, the program allows attackers to exploit the vulnerability to obtain sensitive...

SQL Injection Vulnerability in Netsun CMS typeid Parameter

Netsun CMS is a website management system managed and developed by Zhejiang Netsun Business Treasure Co. Netsun CMS suffers from a SQL injection vulnerability. The lack of filtering of the 'typeid' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information...

Castle Rock Computing SNMPc SQL Injection Vulnerability

Castle Rock Computing SNMPc Network Manager is distributed network management system software that monitors all activity on a network. A SQL injection vulnerability exists in versions of Castle Rock Computing SNMPc prior to 2015-12-17. A remote attacker can exploit the vulnerability to extract da...

Cell Phone Remote Lighting Monitoring System SQL Injection Vulnerability in txtUsername Parameter

Mobile Remote Lighting Monitoring System is a lighting monitoring system from China Electronic Technology Group Corporation. A SQL injection vulnerability exists in the Mobile Remote Lighting Monitoring System. The lack of filtering of the 'txtUsername' parameter allows an attacker to exploit the...

Sweepstakes Pro Software SQL Injection Vulnerability

Sweepstakes Pro Software is a suite of sweepstakes software to increase email lists, increase social networking, and drive sales by running sweepstakes software in conjunction with sweepstakes. A SQL injection vulnerability exists in the s parameter in both win.php and widgetlb.php in Sweepstakes...

GLink Word Link Script SQL Injection Vulnerability

GPix is a free and powerful text link script based on link ads that runs on PHP/MySQL web servers. A SQL injection vulnerability exists in GLink Word Link Script, which is caused by a failure to effectively filter user-submitted data. An attacker can exploit the vulnerability to obtain sensitive...

WordPress Spider Event Calendar Plugin SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Spider Event Calendar plugin version 1.5.51, which can be exploited by...

Joomla! OpenCart Component SQL Injection Vulnerability

Joomla! is a content management system which is quite famous in foreign countries.OpenCart is a system component for product management in Joomla! A SQL injection vulnerability exists in the productid parameter of the Joomla! OpenCart index.php page, which can be exploited by attackers to access ...

phplist SQL injection vulnerability (CNVD-2017-04334)

phplist is an application written in PHP for news management. A SQL injection vulnerability exists in phplist, which can be exploited by attackers to access or modify database data...

WordPress Mail Masta plugin SQL injection vulnerability (CNVD-2017-02634)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Mail Masta aka mail-masta is one of the email plug-ins. WordPress Mail Masta plugin version 1.0 in...

CVE-2016-8940

IBM Tivoli Storage Manager IBM Spectrum Protect 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these...