
13184 matches found

exploitpack
added 2016/01/15 12:0 a.m., 106 views

mcart.xls Bitrix Module 6.5.2 - SQL Injection

mcart.xls Bitrix Module 6.5.2 - SQL Injection. Advisory ID: HTB23279; Product: mcart.xls Bitrix module; Vendor: www.mcart.ru; Vulnerable Versions: 6.5.2 and probably prior; Tested Version: 6.5.2; Advisory Publication: November 18, 2015 without technical details; Vendor Notification: November 18, 2015...

CVSS 6, AI score 8.4, EPSS 0.02731
Exploits: 5
Exploit DB
added 2016/01/15 12:0 a.m., 96 views

mcart.xls Bitrix Module 6.5.2 - SQL Injection

Advisory ID: HTB23279; Product: mcart.xls Bitrix module; Vendor: www.mcart.ru; Vulnerable Versions: 6.5.2 and probably prior; Tested Version: 6.5.2; Advisory Publication: November 18, 2015 without technical details; Vendor Notification: November 18, 2015; Public Disclosure: January 13, 2016; Vulnerabilit...

CVSS 8, AI score 7.9, EPSS 0.02731
Exploits: 5
Prion
added 2016/01/08 2:59 a.m., 13 views

SQL injection

SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767...

CVSS 4, AI score 8.4, EPSS 0.01208
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2016/01/08 2:59 a.m., 16 views

CVE-2015-6433

SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767...

CVSS 6.5, AI score 6.8, EPSS 0.01208
Exploits: 0, References: 2
CVE
added 2016/01/08 2:0 a.m., 55 views

CVE-2015-6433

CVE-2015-6433 describes an SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225). An authenticated remote user can exploit a crafted URL to execute arbitrary SQL commands on the backend. The issue stems from improper validation of user-supplied input in SQL queries...

CVSS 6.5, AI score 6.8, EPSS 0.01208
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2016/01/03 5:59 a.m., 12 views

CVE-2015-5023

SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVSS 6.5, AI score 6, EPSS 0.00707
Exploits: 0, References: 1
Prion
added 2016/01/03 5:59 a.m., 13 views

SQL injection

SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVSS 6.5, AI score 8.2, EPSS 0.00707
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2016/01/01 2:0 a.m., 19 views

CVE-2015-5049

SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

AI score 6, EPSS 0.00699
Exploits: 0, References: 2
Prion
added 2015/12/29 10:59 p.m., 15 views

SQL injection

Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) searchcolumn or (2) switch parameter...

CVSS 6.5, AI score 8.8, EPSS 0.01579
Exploits: 1, References: 5, Affected Software: 1
Prion
added 2015/12/27 7:59 p.m., 9 views

SQL injection

SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL...

CVSS 7.5, AI score 8.9, EPSS 0.01516
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2015/12/27 3:59 a.m., 22 views

CVE-2015-6004

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter...

CVSS 6.5, AI score 7.4, EPSS 0.02266
Exploits: 1, References: 5
Cvelist
added 2015/12/27 2:0 a.m., 31 views

CVE-2015-6004

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter...

AI score 7.7, EPSS 0.02266
Exploits: 1, References: 5
UbuntuCve
added 2015/12/17 7:59 p.m., 27 views

CVE-2015-8369

SQL injection vulnerability in include/topgraphheader.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rraid parameter in a properties action to graph.php...

CVSS 7.5, AI score 7.5, EPSS 0.02319
Exploits: 4, References: 2
Prion
added 2015/12/17 7:59 p.m., 21 views

SQL injection

SQL injection vulnerability in include/topgraphheader.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rraid parameter in a properties action to graph.php...

CVSS 7.5, AI score 8.8, EPSS 0.02319
Exploits: 4, References: 6, Affected Software: 1
Debian CVE
added 2015/12/17 7:0 p.m., 35 views

CVE-2015-8369

SQL injection vulnerability in include/topgraphheader.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rraid parameter in a properties action to graph.php...

CVSS 7.5, AI score 9.2, EPSS 0.02319
Exploits: 4
OSV
added 2015/12/15 9:59 p.m., 5 views

CVE-2015-8377

SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selectedgraphsarray parameter in a save action...

AI score 8.8
Exploits: 0, References: 4
Patchstack
added 2015/11/22 12:0 a.m., 9 views

WordPress Pretty Link Lite Plugin <= 1.6.7 - SQL Injection

Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution: Upgrade the plugin...

AI score 5.9
Exploits: 0, References: 1, Affected Software: 1
BDU FSTEC
added 2015/11/20 12:0 a.m., 3 views

A vulnerability in the Cisco Secure Access Control System allows an attacker to execute arbitrary SQL commands.

The vulnerability in the Solution Engine component of the Cisco Secure Access Control System is caused by a failure to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL commands using a specially crafted URL...

CVSS 6.5, AI score 6, EPSS 0.01361
Exploits: 0, References: 2
htbridge
added 2015/11/18 12:0 a.m., 665 views

SQL Injection in orion.extfeedbackform Bitrix Module

High-Tech Bridge Security Research Lab discovered two vulnerabilities in the orion.extfeedbackform Bitrix module, which can be exploited to execute arbitrary SQL queries and obtain potentially sensitive data, modify information in the database and gain complete control over the vulnerable website. All discover...

CVSS 6.5, AI score 9.2, EPSS 0.01741
Exploits: 2, Affected Software: 1
Check Point Advisories
added 2015/11/11 12:0 a.m., 1 view

ManageEngine Applications Manager CommonAPIUtil enableDisableAlarmsAction SQL Injection

An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the resourceid and haid parameters when processing requests using the enableDisableAlarmsAction method of the CommonAPIUtil class. By sending crafted request message...

AI score 2.7
Exploits: 0