WordPress Pretty Link Lite Plugin <= 1.6.7 - SQL Injection
Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution: Upgrade the plugin...
A vulnerability in the Cisco Secure Access Control System allows an attacker to execute arbitrary SQL commands.
The vulnerability in the Solution Engine component of the Cisco Secure Access Control System stems from a lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted URL...
SQL Injection in orion.extfeedbackform Bitrix Module
High-Tech Bridge Security Research Lab discovered two vulnerabilities in the orion.extfeedbackform Bitrix module, which can be exploited to execute arbitrary SQL queries and obtain potentially sensitive data, modify information in the database and gain complete control over the vulnerable website. All discover...
ManageEngine Applications Manager CommonAPIUtil enableDisableAlarmsAction SQL Injection
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the resourceid and haid parameters when processing requests using the enableDisableAlarmsAction method of the CommonAPIUtil class. By sending crafted request message...
IBM Security QRadar Incident Forensics SQL Injection Vulnerability
IBM Security QRadar Incident Forensics is a suite of security forensic investigation software from IBM. The software supports in-depth forensic investigation of suspected malicious network security incidents and the repair of network security vulnerabilities. An SQL injection vulnerability exists in IB...
SQL injection
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash...
CVE-2015-1989
SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
SQL injection
Multiple SQL injection vulnerabilities in csadminusers.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter...
SQL injection
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843...
CVE-2005-4745
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors...
CVE-2002-2043
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password...
CVE-2015-6350
The CVE-2015-6350 entry concerns Cisco Prime Service Catalog 11.0, where the web framework is vulnerable to SQL injection. The root cause is failed validation of user-supplied input used in SQL queries, enabling remote authenticated users to execute arbitrary SQL commands via unspecified vectors....
CVE-2006-2050
SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter...
CVE-2015-7297
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858...
CVE-2015-7297
CVE-2015-7297 is a Joomla! SQL injection affecting Joomla 3.2 up to 3.4.3 (before 3.4.4). It targets the Content History area, enabling an attacker to execute arbitrary SQL via unspecified vectors. Exploit evidence (EDB-38797) describes a SQLi leading to remote code execution in Joomla 3.2–3.4.4 ...
CVE-2015-5668
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-7903
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-6486
SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...