206 matches found
Redmine SQL Injection Vulnerability
Redmine is a set of open source Web-based project management and defect tracking tools . The product provides project management , issue tracking and role-based access control and other features . A SQL injection vulnerability exists in Redmine. The vulnerability stems from a lack of validation o...
The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.
The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
WordPress gallery-photo-gallery plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. gallery-photo-gallery is a responsive gallery plugin used in it. A SQL injection vulnerability exists in the WordPress...
CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop Vulnerability
Exploit for linux platform in category web applications Exploit Title : CWP CentOS Control Web Panel Arbitrary database dropping Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user...
CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop
Exploit Title : CWP CentOS Control Web Panel Arbitrary database dropping Date : 24 Jul 2019 Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only available for lastest versi...
Deepwoods Software WebLibrarian SQL Injection Vulnerability
Deepwoods Software WebLibrarian is a book management system plugin for use in WordPress from Deepwoods Software, USA. A SQL injection vulnerability exists in the 'AllBarCodes' function in Deepwoods Software WebLibrarian 3.5.2 and earlier versions. The vulnerability stems from a lack of validation...
D-Link Central WiFi Manager (CWM-100) Arbitrary SQL Command Query Vulnerability
D-Link Central WiFi Manager CWM-100 is a Web-based wireless access point management tool. An arbitrary SQL command query vulnerability exists in D-Link Central WiFi Manager CWM-100 versions prior to 1.03R0100BETA6. The vulnerability stems from a failure to validate input. An attacker can exploit...
The vulnerability of the SiTex component: The accessible environment of the SiTex tooling development platform allows a attacker to execute arbitrary requests to the database.
The vulnerability of the distributed application development platform SiTex-Dostupnye Sredstvo exists due to the lack of measures to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute any query against the database using a specially...
Library CMS SQL Injection Vulnerability
Library CMS is a management system for corporate and personal use. Library CMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...
Square 9 GlobalForms SQL Injection Vulnerability
Square 9 GlobalForms is a web form management software from Square 9 Softworks. The software collects Web form data and automatically populates it with keywords. A SQL injection vulnerability exists in the 'match' parameter in Square 9 GlobalForms version 6.2.x. A remote attacker could use this...
WordPress SQL Injection Vulnerability (CNVD-2017-34851)
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress WPDB SQL injection vulnerability can be exploited by an attacker to execute arbitrary SQL commands due to...
Wordpress plugin image-gallery-with-slideshow 'imgid' parameter SQL injection vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the Wordpress plugin image-gallery-with-slideshow. A remote attacker can exploit the...
Ideagen Easysite SQL Injection Vulnerability
Ideagen Easysite is a web content management system from Ideagen UK. A SQL injection vulnerability exists in the CInfoService.asmx file of WebServices in Ideagen Easysite version 7.0. The vulnerability can be exploited by remote attackers to execute arbitrary SQL commands via a specially crafted...
WordPress Photo Gallery by WD - Responsive Photo Gallery SQL Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Photo Gallery by WD - Responsive Photo Gallery is one of the image management plugin. A SQL injection vulnerabilit...
phpMyAdmin Elevation of Privilege Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. An elevation of privilege vulnerability exists in phpMyAdmin. An attacker can exploit this vulnerability to connect to an arbitrary MySQL server...
Joomla JomWALL component 'wuid' parameter SQL injection vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the 'wuid' parameter of the Joomla JomWALL component, which allows remote, unauthenticated attackers to execute arbitrary SQL commands via the parameter...
CVE-2016-6453
A vulnerability in the web framework code of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.30.876...
FOG has multiple vulnerabilities
FOG is a free, open source, computer cloning and management solution. FOG has multiple vulnerabilities that allow input from certain unauthenticated users since parameters in the library function in the FOGManagerController.class.php file are not sanitized. An attacker can leverage this...
CivicRM 4.7b3 SQL Injection
CivicRM extends common CMS platforms WordPress, Drupal with a module to manage Civic campaigns, tracking donors, amounts, and campaign CRM type activity. I tested the WordPress integration of CivicRM 4.7b3 which was found to have blind SQL Injections that allow authenticated users to download...
UBUNTU-CVE-2015-4342
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id...