User Control - Unauthenticated SQL Injection

The User Control plugin has a vulnerability that allows every unauthenticated website visitor to perform arbitrary SQL queries...

CVE-2017-6698

A vulnerability in the Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPNM SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More...

Cisco Prime Infrastructure SQL Injection Vulnerability (cisco-sa-20170621-piepnm2)

A vulnerability in the Cisco Prime Infrastructure PI SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be...

Sql injection

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager CUCDM could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected...

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The attacker must be authenticated as an administrative user to execute SQL database queries. The...

Sql injection

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...

CVE-2016-6443

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...

CVE-2016-6443

CVE-2016-6443 affects Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM) with a SQL database interface vulnerability. The issue is a lack of input validation in SQL queries, allowing an authenticated, remote attacker to execute a subset of arbitrary SQL statements that can...

Cisco Cloud Network Automation Provisioner SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Cloud Network Automation Provisioner CNAP could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...

mcart.xls Bitrix Module 6.5.2 - SQL Injection

mcart.xls Bitrix Module 6.5.2 - SQL Injection Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015...

Joomla (com_jbpublishdownfp) SQL Injection Vulnerability

No description provided by source. ...BEGIN ADVISORY... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! TITLE: Joomla comjbpublishdownfp SQL Injection Vulnerability LANGUAGE: PHP DORK: N/A RESEARCHER: B-HUNT3|2 CONTACT: bhunt3ratnospamgmaildotnospamcom TESTED ON:...

Joomla Component (com_virtuemart) order_status_id SQL Injection Vulnerability

No description provided by source. ...BEGIN ADVISORY... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! TITLE: Joomla comvirtuemart SQL Injection Vulnerability LANGUAGE: PHP DORK: N/A RESEARCHER: B-HUNT3|2 CONTACT: bhunt3ratnospamgmaildotnospamcom TESTED ON:...

Joomla (Yelp Component) SQL Injection Vulnerability

No description provided by source. ...BEGIN ADVISORY... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! TITLE: Joomla Yelp Component SQL Injection Vulnerability LANGUAGE: PHP RESEARCHER: B-HUNT3|2 CONTACT: bhunt3ratnospamgmaildotnospamcom...

Multiple SQL Injection vulnerabilities in ClipBucket

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in ClipBucket, which can be exploited to perform SQL Injection attacks. 1 Multiple SQL Injections in ClipBucket: CVE-2012-5849 1.1 The vulnerability exists due to improper sanitation of input in multiple parameters within...

Openconstructor CMS 3.12.0 - id Multiple SQL Injections

Openconstructor CMS 3.12.0 - id Multiple SQL Injections Title: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...

Openconstructor CMS 3.12.0 SQL Injection

Title: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list http://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234 Description: Openconstructor...

ArticleSetup Multiple Persistence XSS / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Title : ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities Overview: --------- ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities. Technical Description:...

WordPress Star Rating SQL Injection

Wordpress "wp star rating" plugin SQL injection http://yourwordpress/wp-content/plugins/gd-star-rating/ajax.php?wpnonce=&votetype=cache&votedomain=a&votes=asr.1.xxx.1.2.5+limit+0+union+select+1,0x535242,1,1,co...

Manage Engine Service Desk Plus 7.6 woID SQL Injection Vulnerability

Exploit for jsp platform in category web applications ==================================================================== Manage Engine Service Desk Plus 7.6 woID SQL Injection Vulnerability ==================================================================== Advisory Name: SQL injection in Mana...

ManageEngine ServiceDesk Plus 7.6 - woID SQL Injection

Advisory Name: SQL injection in Manage Engine Service Desk Plus 7.6 Vulnerability Class: SQL injection Release Date: 03-18-2010 Affected Applications: Confirmed in version 7.6. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity: High – CVSS: 9...