Cisco Prime Collaboration Assurance SQL Injection Vulnerability

Cisco Prime is a service-centric solution that integrates the management of wired and wireless LANs, WANs and data centers from endpoints, network devices and applications, and filters information. A SQL injection vulnerability exists in the Cisco Prime Collaboration Assurance WEB architecture,...

Cisco Prime Collaboration Assurance SQL Injection Vulnerability (CNVD-2015-06574)

Cisco Prime is a service-centric solution that integrates the management of wired and wireless LANs, WANs and data centers from endpoints, network devices and applications, and filters information. A SQL injection vulnerability exists in the Cisco Prime Collaboration Assurance WEB architecture,...

Pref Shimane CMS vulnerable to SQL injection

Overview Pref Shimane CMS is an open-source Contents Management System CMS. Pref Shimane CMS contains an SQL injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A logged in...

Open-Xchange OX Guard SQL Injection Vulnerability

Open-Xchange OX Guard is a security suite for email and documents. A SQL injection vulnerability exists in the public key discovery API calls of Open-Xchange OX Guard, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain...

ThinkSAAS SQL Injection Vulnerability

ThinkSAAS is a lightweight open source community system , is a community system that can be used to build discussion groups , bbs and circles . ThinkSAAS has a SQL injection vulnerability. An attacker can exploit the vulnerability to execute SQL statements and obtain sensitive information from...

Synology Video Station SQL Injection Vulnerability (CNVD-2015-06008)

Synology Video Station is a video manager from Synology. A SQL injection vulnerability exists in Synology Video Station versions prior to 1.5-0757, which can be exploited by remote attackers to execute arbitrary SQL commands...

SQL Injection Vulnerability in the username parameter of Wave Software Administrative Services System

The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the username parameter of WaveSoft...

SQL Injection Vulnerability in Panmicro E-office /E-mobile/flow/flowtype_free.php Parameter

Panmicro E-office is an OA product launched by Panmicro for small and medium-sized organizations. A SQL injection vulnerability exists in the Panmicro E-office /E-mobile/flow/flowtypefree.php parameter, which can be exploited by attackers to obtain sensitive information from the database...

Multiple SQL Injection Vulnerabilities in Beijing Oriental Netscape PIW Content Management System

PIW Content Management System is a content management system of Beijing Oriental Netscape Information Technology Co. PIW Content Management System has multiple SQL injection vulnerabilities. The vulnerabilities allow attackers to exploit the vulnerabilities to gain access to sensitive information...

Multiple SQL Injection Vulnerabilities in Jinhe Collaboration Management Platform

Jinhe OA collaborative management platform using asp.net and sqlserver technology development, the use of many users. There are multiple SQL injection vulnerabilities in OA Collaboration Management Platform. Attackers are allowed to utilize common SQL injection tools to obtain sensitive database...

Multiple SQL Injection Vulnerabilities in Panmicro's Mobile OA Solution e-mobile

E-Mobile is a mobile office product based on Android client released by Shanghai Panmicro Network Technology Co. There are multiple SQL injection vulnerabilities in Panmicro's mobile OA solution, e-mobile. It allows attackers to utilize commonly used SQL injection tools to obtain sensitive databa...

SQL Injection Vulnerability in vnet web management system of China Haida

COSHIDA VNet6 Professional Reference Station Receiver is one of COSHIDA's new VNet series of measurement systems, and it is also a professional reference station receiver specially designed for reference station applications. A SQL injection vulnerability exists in the COSHIDA vnet web management...

Drupal SQL Comment Filtering System SQL Injection Vulnerability

Drupal is a free and open source content management system developed in PHP. A SQL injection vulnerability exists in the Drupal SQL Comment Filtering System, which allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to manipulate or obtain database data...

SQL Injection Vulnerability in Anhui Business Network CMS System

A SQL injection vulnerability exists in the CMS system of Anhui Business Network. An attacker can exploit the vulnerability to obtain sensitive information from the database...

Generalized SQL Injection Vulnerability in Seven Colors Network Website Builder System

A generic SQL injection vulnerability exists in the Seven Colors Network website builder system. The vulnerability allows attackers to obtain sensitive database information...

SQL Injection and Arbitrary File Upload Vulnerabilities in Rural Electronic Monitoring Platform of Beijing Zhongnong Xinda Information Technology Co.

Beijing Zhongnong Xinda Information Technology Co., Ltd. is a provider of comprehensive services for three rural informatization, and the Rural Electronic Monitoring Platform is one of the company's monitoring platforms. A SQL injection and arbitrary file upload vulnerability exists in the Rural...

Symantec Endpoint Protection Manager SQL Injection Vulnerability

Symantec Endpoint Protection Manager SEPM is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A SQL injection vulnerability exists in the management console of...

SO Planning SQL Injection Vulnerability

SO Planning is a free and open source set of online project production and management tools. SO Planning is vulnerable to a SQL injection vulnerability. The vulnerability is due to the program failing to adequately filter user-submitted input before constructing SQL query statements. An attacker...

Cacti SQL Injection Vulnerability (CNVD-2015-04994)

Cacti is based on PHP, MySQL, SNMP and RRDTool developed a set of graphical analysis of network traffic monitoring tools . Cacti 'graphs.php' , 'cdef.php', 'datatemplates.php', 'graphtemplates.php' and 'hosttemplates.php' scripts incorrectly filter user input, allowing remote attackers to exploit...

Sysphonic Thetis SQL Injection Vulnerability

Thetis World-Strongest groupware/web collaboration suite is based on Ruby on Rails. A SQL injection vulnerability exists in Sysphonic Thetis versions prior to 2.3.0, which can be exploited by remote attackers to execute arbitrary SQL commands...