CVE-2016-9992

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1992067...

Joomla com_wisroyq component 'Pid' parameter SQL injection vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the 'Pid' parameter of the Joomla comwisroyq component. An attacker can exploit the vulnerability to access or modify database data...

Joomla com_sgpprojects Component SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla comsgpprojects component. An attacker can exploit the vulnerability to access or modify database data...

CVE-2016-8998

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference : 1998747...

Joomla djcatalog2 Component SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla djcatalog2 component. An attacker can exploit the vulnerability to access or modify database data...

SQL Injection Vulnerability in Ocean CMS tid Parameter

Ocean CMS is an open source website builder. An SQL injection vulnerability exists in the admintopicvod.php page of Ocean CMS 6.46 utf-8 official. The lack of filtering of the 'tid' parameter allows an attacker to exploit the vulnerability to obtain sensitive information about the database...

SQL command execution vulnerability in the sysId parameter of Wyspeed V2 video conferencing system

Vizz V2 Video Conferencing System is a video conferencing system. A SQL command execution vulnerability exists in the sysId parameter of the Vizz V2 video conferencing system. It allows an attacker to remotely write a shell and gain server privileges...

Joomla JE auction component SQL injection vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla JE auction component. An attacker can exploit the vulnerability to access or modify database data...

Joomla Hbooking Component SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla Hbooking component. An attacker can exploit the vulnerability to access or modify database data...

Joomla JE Form Creator Component SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla JE Form Creator component, which can be exploited by attackers to access or modify database data...

CVE-2016-8355

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and...

CVE-2016-8341

An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands...

Multi-meter (DuomiCms) film and television management system climit and ckey parameters exist SQL injection vulnerability

Duomi DuomiCms film and television management system is a set of specialized video on demand system. A SQL injection vulnerability exists in DuomiCms. The lack of filtering of the 'climit' and 'ckey' parameters allows an attacker to exploit the vulnerability to obtain sensitive database informati...

McAfee ePolicy Orchestrator SQL Injection Vulnerability (CNVD-2017-01459)

McAfee ePolicy Orchestrator ePO is a suite of scalable security management software from Intel Corporation formerly McAfee, Inc.. The software enables centralized, streamlined management of endpoint, network, content security and compliance solutions. An SQL injection vulnerability exists in McAf...

Advantech WebAccess 'updateTemplate.aspx' SQL Injection Vulnerability

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. A SQL injection vulnerability exists in Advantech WebAcces...

MC Documentation Creator SQL Injection Vulnerability

MC Documentation Creator is a PHP document creation script . A SQL injection vulnerability exists in MC Documentation Creator. Due to poor parameter filtering in this PHP script, an attacker can exploit the vulnerability to obtain sensitive data...

Smart Guard Network Manager SQL Injection Vulnerability

Smart Guard Network Manager is a software that manages your network, bandwidth and network security. An SQL injection vulnerability exists in the ?menuid parameter of the searchallhistory.php page in Smart Guard Network Manager version 6.3.2, which originates from the program failing to adequatel...

Microsoft .NET Framework Information Disclosure Vulnerability (CNVD-2016-12419)

Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...

Dell SonicWALL Universal Management Suite SQL Injection Vulnerability

Dell SonicWALL Universal Management Suite is a product of Dell, Inc. Dell SonicWALL Analyzer provides a comprehensive view of the network with comprehensive reports on bandwidth, threats and application traffic analysis. Dell SonicWALL Global Management System GMS is easily replaced, updated or...

Luis Bernardo SQL Injection Vulnerability

Luis Bernard is a web application development framework. A SQL injection vulnerability exists in the idplayer parameter of the formseeplayer.php page of the Luis Bernard system. Because the program fails to adequately filter user-submitted input, an attacker could use this vulnerability to take...