SQL Injection Vulnerability in Haitian OA System ID Parameter

Haitian OA network office system is suitable for enterprises and institutions of the general-purpose network office software, the system adopts the leading B / S browser / server mode of operation, so that the network office is not subject to geographical restrictions. A SQL injection vulnerabili...

concrete5 'Access.php' SQL Injection Vulnerability

concrete5 is a free content management system CMS developed by Portland Labs in the United States. The system allows editing and layout directly on the page. A SQL injection vulnerability exists in concrete5 that stems from the program failing to adequately filter user-submitted input before...

SQL Injection Vulnerability in OAID Parameter of Haitian OA System/Documents/OA_DocDisplay_NewWindow.asp Page

Haitian OA network office system is suitable for enterprises and institutions of the general-purpose network office software, the system adopts the leading B / S browser / server mode of operation, so that the network office is not subject to geographical restrictions. A SQL injection vulnerabili...

ApPHP Hotel Site SQL Injection Vulnerability

ApPHP Hotel Site is a PHP-based hotel management solution from ApPHP USA. The program provides hotel management and online booking and other functions. A SQL injection vulnerability exists in ApPHP Hotel Site version 3.x.x. The vulnerability stems from the index.php script failing to adequately...

Cacti SQL Injection Vulnerability (CNVD-2015-03938)

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. The tool through snmpget to obtain data , using RRDtool drawing graphs to analyze , and provide data and user management features . A SQL injection vulnerability exists in versions prior to Cacti...

Cisco Unified Web and E-Mail Interaction Manager SQL Injection Vulnerability

Cisco Unified Web and E-mail Interaction Manager are both products in the Customer Collaboration Contact Center of the American Cisco Cisco company. A SQL injection vulnerability exists in Cisco Unified Web and E-Mail Interaction Manager, which could be exploited by a remote attacker to submit a...

Aruba Networks CPPM SQL Injection Vulnerability

Aruba Networks ClearPass Policy Manager is an advanced policy management platform for role- and device-based network access control. A security vulnerability exists in Aruba Networks ClearPass Policy Manager CPPM, which can be exploited by remote administrators to execute arbitrary SQL commands...

Cacti graph.php SQL Injection Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools. The Cacti graph.php script fails to properly filter the localgraphid parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

IBM Security SiteProtector System SQL Injection Vulnerability

The IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents and devices. A SQL injection vulnerability exists in IBM Security SiteProtector System, which allows remote attackers to exploit the...

WordPress Tune Library Plugin SQL Injection Vulnerability

WordPress is a set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up personal blog site.Tune Library is one of the plugin used to import XML iTunes music library files into the WordPress database. A SQL injection vulnerability exists in the...

Cisco Unified Communications Manage SQL Injection Vulnerability

Cisco Unified Communications Manager is the call processing component of the IP Telephony solution from Cisco. A SQL injection vulnerability exists in Cisco Unified Communications Manager due to the program failing to properly filter user-supplied input. This allows an authenticated, remote...

Novell ZENworks 'GetReRequestData' Method SQL Injection Vulnerability

Novell ZENworks is a suite of software that supports automated IT management and business process management across resources within an organization. A SQL injection vulnerability in the 'GetReRequestData' method of the GetStoredResult class in Novell ZENworks allows remote attackers to submit...

WordPress Plugin All In One WP Security & Firewall admin/wp-security-list-acct-activity.php SQL Injection Vulnerability

WordPress is a set of blogging platform developed in PHP language by WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL.All In One WP Security & Firewall Plugin for WordPress is a Wordpress Security Plugin. The All In One WP Security &...

Cisco CUCDM SQL Injection Vulnerability

Cisco Unified Communications Manager is an enterprise-class IP telephony call processing system. A sql injection vulnerability exists in the graphical administration feature of Cisco Unified Communications Domain Manager Application Software due to a failure to effectively validate user-supplied...

Hospira MedNet Hardcoded Password Vulnerability (CNVD-2015-02160)

MedNet manages drug libraries, firmware updates, and configurations for Hospira IV pumps for use in the healthcare and public health sectors. MedNet uses plain text stored passwords for the SQL database, which allows an attacker to compromise the MedNet SQL server and gain administrator access to...

Multiple SQL Injection Vulnerabilities in Fiyo CMS

Fiyo CMS is small business phone service and mobile collaboration tool. Fiyo CMS has multiple SQL injection vulnerabilities. The vulnerabilities can be exploited by an attacker to gain access to sensitive database information...

Comsenz SupeSite CMS SQL Injection Vulnerability

Comsenz SupeSite 7.0 CMS is a content management system developed by Comsenz. Comsenz SupeSite 7.0 CMS "batch.common.php" fails to properly filter user-submitted inputs for the "name" parameter, allowing remote attackers to submit specially crafted SQL queries to manipulate or obtain database dat...

WordPress SEO by Yoast SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.WordPress SEO by Yoast is an SEO plugin for wordpress. WordPress SEO by Yoast fails to properly filter user-submitt...

SQL Injection Vulnerability in Ticketmaster ERP Management System of Shanghai Shengdai Information Technology Co.

Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...

SIPhone Enterprise PBX SQL Injection Vulnerability

SIPhone Enterprise PBX is an enterprise switch product. A SQL injection vulnerability exists in SIPhone Enterprise PBX. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via a username...