Lucene search
K

206 matches found

CNVD
CNVD
added 2019/11/20 12:0 a.m.4 views

Redmine SQL Injection Vulnerability

Redmine is a set of open source Web-based project management and defect tracking tools . The product provides project management , issue tracking and role-based access control and other features . A SQL injection vulnerability exists in Redmine. The vulnerability stems from a lack of validation o...

6.5CVSS8.2AI score0.04338EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2019/10/09 12:0 a.m.5 views

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

9CVSS5.9AI score0.02965EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/08/27 12:0 a.m.2 views

WordPress gallery-photo-gallery plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. gallery-photo-gallery is a responsive gallery plugin used in it. A SQL injection vulnerability exists in the WordPress...

9.8CVSS8AI score0.01815EPSS
Exploits0References1
0day.today
0day.today
added 2019/08/21 12:0 a.m.35 views

CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop Vulnerability

Exploit for linux platform in category web applications Exploit Title : CWP CentOS Control Web Panel Arbitrary database dropping Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user...

5.5CVSS6.6AI score0.01858EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/08/20 12:0 a.m.158 views

CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop

Exploit Title : CWP CentOS Control Web Panel Arbitrary database dropping Date : 24 Jul 2019 Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only available for lastest versi...

5.5CVSS0.1AI score0.01858EPSS
Exploits3
CNVD
CNVD
added 2019/07/16 12:0 a.m.4 views

Deepwoods Software WebLibrarian SQL Injection Vulnerability

Deepwoods Software WebLibrarian is a book management system plugin for use in WordPress from Deepwoods Software, USA. A SQL injection vulnerability exists in the 'AllBarCodes' function in Deepwoods Software WebLibrarian 3.5.2 and earlier versions. The vulnerability stems from a lack of validation...

6.5CVSS8.2AI score0.01427EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/08 12:0 a.m.3 views

D-Link Central WiFi Manager (CWM-100) Arbitrary SQL Command Query Vulnerability

D-Link Central WiFi Manager CWM-100 is a Web-based wireless access point management tool. An arbitrary SQL command query vulnerability exists in D-Link Central WiFi Manager CWM-100 versions prior to 1.03R0100BETA6. The vulnerability stems from a failure to validate input. An attacker can exploit...

9.8CVSS8.1AI score0.68019EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2019/05/06 12:0 a.m.3 views

The vulnerability of the SiTex component: The accessible environment of the SiTex tooling development platform allows a attacker to execute arbitrary requests to the database.

The vulnerability of the distributed application development platform SiTex-Dostupnye Sredstvo exists due to the lack of measures to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute any query against the database using a specially...

10CVSS5.8AI score
Exploits0Affected Software1
CNVD
CNVD
added 2018/06/13 12:0 a.m.2 views

Library CMS SQL Injection Vulnerability

Library CMS is a management system for corporate and personal use. Library CMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...

8.5AI score
Exploits0References1
CNVD
CNVD
added 2018/04/03 12:0 a.m.1 views

Square 9 GlobalForms SQL Injection Vulnerability

Square 9 GlobalForms is a web form management software from Square 9 Softworks. The software collects Web form data and automatically populates it with keywords. A SQL injection vulnerability exists in the 'match' parameter in Square 9 GlobalForms version 6.2.x. A remote attacker could use this...

7.5CVSS8.4AI score0.01788EPSS
Exploits3References1
CNVD
CNVD
added 2017/09/21 12:0 a.m.2 views

WordPress SQL Injection Vulnerability (CNVD-2017-34851)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress WPDB SQL injection vulnerability can be exploited by an attacker to execute arbitrary SQL commands due to...

8.5AI score
Exploits0References1
CNVD
CNVD
added 2017/09/15 12:0 a.m.4 views

Wordpress plugin image-gallery-with-slideshow 'imgid' parameter SQL injection vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the Wordpress plugin image-gallery-with-slideshow. A remote attacker can exploit the...

9.8CVSS8.5AI score0.02907EPSS
Exploits1References1
CNVD
CNVD
added 2017/09/04 12:0 a.m.5 views

Ideagen Easysite SQL Injection Vulnerability

Ideagen Easysite is a web content management system from Ideagen UK. A SQL injection vulnerability exists in the CInfoService.asmx file of WebServices in Ideagen Easysite version 7.0. The vulnerability can be exploited by remote attackers to execute arbitrary SQL commands via a specially crafted...

9.8CVSS10AI score0.01407EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/21 12:0 a.m.3 views

WordPress Photo Gallery by WD - Responsive Photo Gallery SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Photo Gallery by WD - Responsive Photo Gallery is one of the image management plugin. A SQL injection vulnerabilit...

7.2CVSS7.5AI score0.01593EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/18 12:0 a.m.7 views

phpMyAdmin Elevation of Privilege Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. An elevation of privilege vulnerability exists in phpMyAdmin. An attacker can exploit this vulnerability to connect to an arbitrary MySQL server...

8.8CVSS8.6AI score0.01334EPSS
Exploits0References1
CNVD
CNVD
added 2017/02/20 12:0 a.m.2 views

Joomla JomWALL component 'wuid' parameter SQL injection vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the 'wuid' parameter of the Joomla JomWALL component, which allows remote, unauthenticated attackers to execute arbitrary SQL commands via the parameter...

8.8AI score
Exploits0References1
OSV
OSV
added 2016/11/03 9:59 p.m.3 views

CVE-2016-6453

A vulnerability in the web framework code of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.30.876...

7.3CVSS6.1AI score0.01102EPSS
Exploits0References3
CNVD
CNVD
added 2016/07/21 12:0 a.m.3 views

FOG has multiple vulnerabilities

FOG is a free, open source, computer cloning and management solution. FOG has multiple vulnerabilities that allow input from certain unauthenticated users since parameters in the library function in the FOGManagerController.class.php file are not sanitized. An attacker can leverage this...

8.1AI score
Exploits0References1
Packet Storm
Packet Storm
added 2016/04/10 12:0 a.m.29 views

CivicRM 4.7b3 SQL Injection

CivicRM extends common CMS platforms WordPress, Drupal with a module to manage Civic campaigns, tracking donors, amounts, and campaign CRM type activity. I tested the WordPress integration of CivicRM 4.7b3 which was found to have blind SQL Injections that allow authenticated users to download...

0.5AI score
Exploits0
OSV
OSV
added 2015/06/17 6:59 p.m.4 views

UBUNTU-CVE-2015-4342

SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id...

7.5CVSS7.7AI score0.03227EPSS
Exploits0References3
Rows per page
Query Builder