13184 matches found
CVE-2017-9418
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php...
WordPress Plugin WP Jobs < 1.5 - SQL Injection
Exploit Title: WordPress Plugin WP Jobs 1.5 - SQL Injection Date: 11-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://en-gb.wordpress.org/plugins/wp-jobs/ Vendor Homepage: http://www.intensewp.com/ Version: 1.4 CVE : CVE-2017-9603 Category: webapps 1...
CVE-2017-2195
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via the "MultiReport" function...
CVE-2016-7803
CVE-2016-7803 is a SQL injection in Cybozu Garoon 3.0.0 through 4.2.2, caused by the MultiReport function. The flaw allows remote authenticated users to execute arbitrary SQL commands against the underlying database. Affected software: Cybozu Garoon 3.0.0–4.2.2 (per multiple sources). Root cause ...
nuevoMailer 6.0 - SQL Injection
Exploit Title: nuevoMailer version 6.0 and earlier time-based SQL Injection Exploit Author: ALEH BOITSAU Google Dork: inurl:/inc/rdr.php? Date: 2017-06-09 Vendor Homepage: https://www.nuevomailer.com/ Version: 6.0 and earlier Tested on: Linux CVE: CVE-2017-9730 Description: SQL injection...
nuevoMailer 6.0 - SQL Injection
nuevoMailer 6.0 - SQL Injection Exploit Title: nuevoMailer version 6.0 and earlier time-based SQL Injection Exploit Author: ALEH BOITSAU Google Dork: inurl:/inc/rdr.php? Date: 2017-06-09 Vendor Homepage: https://www.nuevomailer.com/ Version: 6.0 and earlier Tested on: Linux CVE: CVE-2017-9730...
CVE-2017-9449
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible ...
WordPress plugin "Multi Feed Reader" vulnerable to SQL injection
Overview The WordPress plugin "Multi Feed Reader" contains an SQL injection vulnerability CWE-89. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker who...
CVE-2017-9427
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is...
SQL injection
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is...
WordPress WP-Testimonials SQL Injection
Exploit Title: WP-Testimonials 3.4.1 Union Based SQL Injection Date: 03-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/ Vendor Homepage: http://www.sunfrogservices.com/web-programmer/wp-testimonials/ Version: 3.4.1...
SQL injection
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2017-7236
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL Injection Vulnerability in the Keyword Parameter of Keyword Module of SMiCMS Government Website System
SMiCMS Government Website System is a website system for governments, schools and groups. A SQL injection vulnerability exists in the keyword parameter of the opinion solicitation module of the SMiCMS government website system. Due to insufficient filtering of the parameter, an attacker can...
CVE-2016-4905
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors...