SQL injection
SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to...
CVE-2015-5452
WatchGuard XCS is affected. The CVE-2015-5452 issue is a SQL injection in WatchGuard XCS 9.2 and 10.0 prior to build 150522. The vulnerability can be triggered by crafting a request to borderpost/imp/compose.php3 that manipulates the sid cookie, allowing remote attackers to execute arbitrary SQL ...
WordPress Booking System Plugin <= 2.0 - Blind SQL Injection
Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands via the "language" parameter. Solution: Update the plugin...
CVE-2015-4129
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie...
SQL injection
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie...
CVE-2015-4129
CVE-2015-4129 is a SQL injection vulnerability in Subrion CMS prior to 3.3.3. The issue arises from processing modified serialized data in a salt cookie, allowing remote authenticated users to execute arbitrary SQL commands. Affected software: Subrion CMS; vulnerable component: cookie serializati...
WordPress Pie Register Plugin <= 2.0.15 - SQL Injection
Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution: Update the plugin...
SQL injection
SQL injection vulnerability in Cisco Unified MeetingPlace 8.61.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037...
Apple iOS WebKit SQLite authorizer arbitrary SQL function call vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. An insufficient comparison vulnerability in the Apple iOS WebKit SQLite authorizer allows remote attackers to construct a malicious web page that can call arbitrary SQL functions by tricking the...
CVE-2015-5078
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter...
SQL injection
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter...
SQL injection
SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.11 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325...
CVE-2015-4222
Cisco CVE-2015-4222 affects the Cisco Unified Communications Manager IM and Presence Service, version 9.1(1). A SQL injection flaw in the service’s handling of user input allows an authenticated, remote attacker to execute arbitrary SQL commands via unspecified vectors, potentially impacting conf...
CVE-2015-4713
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php...
CVE-2015-4678
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter to the default URI...
CVE-2015-4676
SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action...
SQL injection
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter to the default URI...
CVE-2015-4658
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter...