13188 matches found
CVE-2016-3675
CVE-2016-3675 is a SQL injection vulnerability in Huawei Policy Center affecting versions before V100R003C10SPC020 (and variants cited V100R003C00, V100R003C10SPC020). The issue allows remote authenticated users to execute arbitrary SQL commands through unspecified vectors related to system datab...
CVE-2016-3659
SQL injection vulnerability in graphview.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the hostgroupdata parameter...
CVE-2016-0710
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the 1 role or 2 user parameter to services/usermanager/users/...
Sql injection
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the 1 role or 2 user parameter to services/usermanager/users/...
CVE-2015-8153
SQL injection vulnerability in Symantec Endpoint Protection Manager SEPM 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-7448
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7...
Sql injection
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7...
Sql injection
SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-1154
SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Osclass 3.5.9 SQL Injection
Advisory ID: HTB23287 Product: Osclass Vendor: https://osclass.org/ Vulnerable Versions: 3.5.9 and probably prior Tested Version: 3.5.9 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Vendor Patch: January 25, 2016 Public Disclosure: Februa...
webSPELL SQL Injection Vulnerability
webSPELL is a WEB-based content management program. A SQL injection vulnerability exists in webSPELL. Input passed to the "/cashbox.php" script via the "payid" HTTP POST parameter is not sufficiently filtered, allowing an attacker to query the application's database and execute arbitrary SQL...
Sql injection
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...
CVE-2016-2386
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...
CVE-2016-2386
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Tiny Tiny RSS - Blind SQL Injection
Exploit for php platform in category web applications Exploit Title: Tiny Tiny RSS Blind SQL Injection Date: 15-02-2016 Software Link: http://tt-rss.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...
CVE-2016-1308
SQL injection vulnerability in Cisco Unified Communications Manager 10.52.13900.9 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227...
Sql injection
SQL injection vulnerability in Cisco Unified Communications Manager 10.52.13900.9 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227...
WordPress WPML Plugin SQL Injection (CVE-2015-2314)
An SQL injection vulnerability exists in the WPML plugin for WordPress, allowing remote attackers to execute arbitrary SQL commands...
WordPress Webdorado Spider Event Calendar Plugin SQL Injection (CVE-2015-2196)
An SQL injection vulnerability exists in Spider Event Calendar 1.4.9 for WordPress allowing remote attackers to execute arbitrary SQL commands...
MGASA-2016-0025 Updated cacti packages fix security vulnerability
Several SQL injection vulnerabilities have been discovered in Cacti. Specially crafted input can be used by an attacker in the rraid value of the graph.php script to execute arbitrary SQL commands on the database CVE-2015-8369...