13184 matches found
SQL injection
SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
SQL injection
Multiple SQL injection vulnerabilities in Web Reference Database aka refbase through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382...
SQL injection
SQL injection vulnerability in install.php in Web Reference Database aka refbase through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009...
CVE-2015-6009
The vulnerability affects Web Reference Database (refbase) through version 0.9.6. Details from connected sources show that it is vulnerable to SQL injection via (1) the where parameter to rss.php and (2) the sqlQuery parameter to search.php, caused by inadequate input filtering. This ...
Mango Automation 2.6.0 SQL Query Cross Site Request Forgery
Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a flexible SCADA, HMI And Automation software application that allo...
Teiko Farol Web Application SQL Injection Vulnerability
Teiko Farol is Teiko's suite of software for monitoring databases, infrastructure and business processes during software development. A SQL injection vulnerability exists in the Teiko Farol web application. A remote attacker could exploit the vulnerability to execute arbitrary SQL commands...
SQL injection
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.11.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824...
SQL injection
SQL injection vulnerability in the BPFINDJOBSWITHPROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
Multiple SQL injection vulnerabilities in dexreservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dexreservationscalendarload2 action or (2) dexitem parameter in a...
SQL injection
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php...
CVE-2015-6962
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php...
CVE-2015-6829
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp...
SQL injection
SQL injection vulnerability in the serendipitycheckCommentToken function in include/functionscomments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipityid parameter to...
CVE-2015-6911
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi...
SQL injection
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi...
SQL injection
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi...
CVE-2015-6910
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi...