13183 matches found
Code injection
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service application crash by leveraging the ability to run arbitrary SQL statements such as in certain WebSQL use cases...
Harmis JE Messenger Component SQL Injection Vulnerability in Joomla!
Joomla! is an open source, cross-platform content management system CMS developed by the Open Source Matters team in the United States using PHP and MySQL. Harmis JE Messenger component is used in one of the personal messaging components, which supports incoming and outgoing e-mail and online...
CVE-2019-9918
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database...
CVE-2019-9204
SQL injection vulnerability in Nagios IM component of Nagios XI before 2.2.7 allows attackers to execute arbitrary SQL commands...
CVE-2018-20556
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the bookingid parameter...
CVE-2018-20556
CVE-2018-20556 is a SQL injection vulnerability in the WordPress plugin Booking Calendar (version 8.4.3). The flaw allows an attacker to manipulate the booking_id parameter to execute arbitrary SQL commands on the underlying database, potentially exposing data. Multiple connected sources corrobor...
Sql injection
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the productoption parameter...
Zoho ManageEngine OpManager SQL Injection (CVE-2018-17823; CVE-2018-17283)
An SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of the name parameter when processing requests sent. Successful exploitation could lead to arbitrary SQL code execution in the security context of database service...
Joomla ActivityManager 5.3 SQL Injection
Exploit Title : Joomla ActivityManager Components 5.3 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 04/02/2019 Vendor Homepage : codecanyon.net Software Information Link : codecanyon.net/item/activity-board-activity-manager/634766 Software Versio...
Care2x 2.7 (HIS) Hospital Information System SQL Injection
Exploit Title: Care2x 2.7 HIS Hospital Information system - Multiples SQL Injection Date: 01/17/2019 Software Links/Project: https://github.com/care2x/care2x | http://www.care2x.org/ Version: Care2x 2.7 Exploit Author: Carlos Avila Category: webapps Tested on: Windows 8.1 / Ubuntu Linux Contact:...
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Care2x 2.7 HIS Hospital Information system - Multiples SQL Injection Software Links/Project: https://github.com/care2x/care2x | http://www.care2x.org/ Version: Care2x 2.7 Exploit Author: Carlos Avila Category: webapps Tested on:...
SQL Command Injection By Leveraging Improper Range Quoting
SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting...
SQL Command Injection By Leveraging Improper Bitstring Quoting
SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresqladapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting...
eBrigade ERP 4.5 SQL Injection
Exploit Title: eBrigade ERP 4.5 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://ebrigade.net/ Software Link: https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade4.5.zip Version: 4.5 Category: Webapps Tested on:...
CVE-2018-16188
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH...
Sql injection
SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors...
SQL Injection
dolibarr/dolibarr is vulnerable to SQL injection. A lack of validation on the desiredstock parameter in product/card.php allows a remote authenticated attacker to execute arbitrary SQL commands via an error-based SQL injection vulnerability. This vulnerability could potentially allow for remote...
CVE-2018-19994
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter...
CVE-2018-19998
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter...
CVE-2018-19998
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter...