MyBB has multiple vulnerabilities (CNVD-2016-11606)

MyBB aka MyBulletinBoard is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.7, including: SQL injecti...

pycsw SQL Injection Vulnerability

pycsw is a system written in python that implements OGC CSW server functionality. It runs on all major platforms Windows, Linux, Mac OS X. Pycsw suffers from a SQL injection vulnerability, which can be exploited by an attacker to take control of the application, access or modify data, or exploit...

TYPO3 TC Directmail SQL Injection Vulnerability

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A SQL injection vulnerability exists in TYPO3 TC Directmail. The vulnerability is caused due to the program failing to properly filter user-supplied input, allowing an attacker to exploit the...

SQL Injection Vulnerability in NetDoit of Acuity Brands Creative Marketing Ltd.

NetDoit is a small CMS system developed by php+mysql. The product newsdetail.php?id= exists SQL injection vulnerability, the injection parameter is id, the attacker can use the vulnerability to obtain database sensitive information...

Ufo UFO-UAPWS suffers from SQL error reporting injection vulnerability (CNVD-2016-10771)

Ufo UFO-UAPWS Reporting System is an Internet solution for enterprises. A SQL reporting error injection vulnerability exists in UFIDA UFO-UAPWS. An attacker exploiting the vulnerability can view sensitive information, obtain database information, and cause information leakage...

SQL Injection Vulnerability in Type Parameters of Penta Digital Campus System

Penta Digital Campus System is using the technology platform of .NET+SqlServer. A SQL injection vulnerability exists in the /Student/xsxk/MessageView.aspx page of the Penda Digital Campus System. The lack of filtering of the 'type' parameter allows an attacker to exploit the vulnerability to obta...

SAP Adaptive Server Enterprise SQL Injection Vulnerability

SAP Adaptive Server Enterprise ASE is a high-performance relational database management system of Germany SAP SAP. A SQL injection vulnerability exists in SAP ASE 16.0 SP02 PL03 and earlier versions. An attacker can exploit this vulnerability to gain system administrator privileges via dbcc...

Exponent CMS 'title' Parameter SQL Injection Vulnerability

Exponent CMS is a free, open source PHP-based modular content management system CMS of the U.S. OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...

SQL Injection Vulnerability in Digital China Internet Behavior Management System Announcement Parameters

Digital China Internet Behavior Management System is an Internet behavior logging system that fully owns the network behavior analysis management system, integrating hardware and software architecture, behavior analysis engine, management and control policies, analyzing network activities in real...

SQL Injection Vulnerability in Netqi CMS Web Management System 6.0

Netqi CMS website management system is a set of CMS system developed by Netqi, this system is developed using ASP.NET kernel. The system's ip/ajax.apsx page has an SQL injection vulnerability that allows arbitrary users to obtain database information...

CVE-2016-6443

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...

Cisco Identity Services Engine SQL Injection Vulnerability

Cisco Identity Services Engine is an identity-based environment awareness platform from Cisco. A SQL injection vulnerability exists in the Cisco Identity Services EngineWeb framework interface, which allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to...

PT-2016-4508 · Huge It · Huge-It Portfolio Gallery Manager

Name of the Vulnerable Software and Affected Versions: Huge-IT Portfolio Gallery manager version 1.1.0 Description: The issue concerns SQL Injection and XSS in the Huge-IT Portfolio Gallery manager. No further details are provided about the nature of the issue, affected devices, or real-world...

Ipswitch WhatsUp Gold SQL Injection Vulnerability (CNVD-2016-10073)

Ipswitch WhatsUp Gold is a suite of unified infrastructure and application monitoring software from Ipswitch USA. A SQL injection vulnerability exists in the sUniqueID parameter of the WrFreeFormText.asp script in Ipswitch WhatsUp Gold version 16.4.1, which can be exploited by remote attackers to...

SQL Injection Vulnerability in UFIDA UFO System queryByWhere Interface

UFIDA UFO system is UFIDA software comes with tabular data processing software. A SQL injection vulnerability exists in the queryByWhere interface of UFIDA UFO System. An attacker is allowed to exploit the vulnerability to obtain database information...

SQL Injection Vulnerability in bjbh Parameter of EAP Digital Campus Integration Management Platform of Guangzhou Zhongda Dongri Education Technology Co.

EAP platform, abbreviated as EAP Enterprise Application Platform, enterprise application platform, also known as enterprise management software platform, is a highly open, integrated with a number of enterprise management software modules. Guangzhou CUHK Dongri Education Technology Co., Ltd. EAP...

SQL Injection Vulnerability in the queryInvcl Method of the UFIDA UFO System

UFIDA UFO system is UFIDA software comes with tabular data processing software. A SQL injection vulnerability exists in the queryInvcl method of UFIDA UFO System. An attacker is allowed to exploit the vulnerability to obtain database information...

SQL Injection Vulnerability in the Type Parameter of NoticeList.aspx Page of Wave e-Procurement Platform

Wave e-procurement platform is a proprietary e-commerce platform for enterprises built using cloud computing and e-commerce technology. A SQL injection vulnerability exists in the Type parameter of the NoticeList.aspx page of the Wave e-Procurement Platform, which can be exploited by an attacker ...

TYPO3 GN Tactics Planner Extension SQL Injection Vulnerability

TYPO3 is a free and open source content management system. A SQL injection vulnerability exists in TYPO3 GN Tactics Planner Extension due to the program failing to adequately clean up user input. An attacker could exploit the vulnerability to access or modify data...

SetucoCMS SQL Injection Vulnerability

SetucoCMS is a content management system CMS. A SQL injection vulnerability exists in SetucoCMS. An attacker can exploit this vulnerability to execute arbitrary SQL commands...