13184 matches found
CVE-2016-4905
SQL injection vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors...
ManageEngine Applications Manager MenuHandlerServlet SQL Injection (CVE-2016-9488)
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the configid parameter when processing requests sent to the MenuHandlerServlet servlet. By sending crafted request messages, a remote unauthenticated attacker can exploi...
MetalGenix GeniXCMS SQL Injection Vulnerability (CNVD-2017-06841)
MetalGenix GeniXCMS is a PHP-based content management system and framework (CMSF) from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A SQL injection vulnerability exists in the inc/lib/Control/Backend/menus.control.php file in MetalGenix...
CVE-2015-7569
SQL injection vulnerability in "yeager/y.php/tabUSERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedirorderby" parameter...
CVE-2017-7717
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504...
SQL injection
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504...
CVE-2016-2555
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php...
SQL injection
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php...
SQL injection
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3)...
CVE-2016-2555
ATutor 2.2.1 contains a SQL Injection vulnerability in include/lib/mysql_connect.inc.php. The flaw allows remote attackers to execute arbitrary SQL commands through the searchFriends function in friends.inc.php, as detailed in exploit paths (e.g., Exploit-DB entry 39514) and related Metasploit mo...
Pivotal Cloud Foundry and UAA SQL Injection Vulnerabilities
Pivotal Cloud Foundry (PCF) and UAA are both products of US-based Pivotal Software. The former is a set of open source Platform-as-a-Service (PaaS) cloud computing platforms that provide features such as container scheduling, continuous delivery and automated service deployment, while the latter is a...
SQL injection
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recoverlogin action...
CVE-2016-4893
SQL injection vulnerability in all versions of SetsucoCMS allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-4337
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recoverlogin action...
CVE-2015-7564
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an actiononquickicon action to item.query.php or the (2) order or (3) direction parameter in an (a) connectionslogs, (b) errorslogs or (c) accesslogs acti...
SQL injection
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bpname, (2) display, (3) search, or (4) equipment parameter to module/monitoringged/gedfunctions.php or the (5) type parameter to...
CVE-2017-6088
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bpname, (2) display, (3) search, or (4) equipment parameter to module/monitoringged/gedfunctions.php or the (5) type parameter to...