13185 matches found
CVE-2018-6792
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are jidt118, jidt120, jidt122, jidt124, jidt126, jidt128, and...
Sql injection
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are jidt118, jidt120, jidt122, jidt124, jidt126, jidt128, and...
CVE-2018-6792
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are jidt118, jidt120, jidt122, jidt124, jidt126, jidt128, and...
Joomla com_visualcalendar Component SQL Injection (CVE-2018-6395)
An SQL injection vulnerability exists in Joomla comvisualcalendar Component. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
User Control - Unauthenticated SQL Injection
The User Control plugin has a vulnerability that allows every unauthenticated website visitor to perform arbitrary SQL queries...
PACSOne Server 6.6.2 DICOM Web Viewer SQL Injection
Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer SQL Injection Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Version: PACSOne Server 6.6.2 Exploit Author: Carlos Avila Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone filetype:php home inurl:pacsone...
Sql injection
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledgebase/getarticlesuggestion/...
CVE-2017-17999
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledgebase/getarticlesuggestion/...
CVE-2017-17999
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledgebase/getarticlesuggestion/...
WordPress YITH WooCommerce Wishlist Plugin SQL Injection
An SQL injection vulnerability has been reported in WordPress YITH WooCommerce Wishlist Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Sql injection
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the 1 email parameter to login.php; the 2 seasonid parameter to themes/flixer/ajax/loadseason.php; the 3 movieid parameter to themes/flixer/ajax/getrating.php; the 4 rating or 5 movie...
CVE-2017-17970
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the 1 email parameter to login.php; the 2 seasonid parameter to themes/flixer/ajax/loadseason.php; the 3 movieid parameter to themes/flixer/ajax/getrating.php; the 4 rating or 5 movie...
CVE-2017-7997
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the 1 showprn parameter to webapp/users/prnow.jsp or showmonth parameter to 2 webapp/users/blhistory.jsp or 3 webapp/users/prhistory.jsp...
CVE-2014-5071
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username...
Sql injection
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username...
CVE-2014-5071
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username...
CVE-2017-5971
SQL injection vulnerability in NewsBee CMS allow remote attackers to execute arbitrary SQL commands...
Ruby on Rails SQL Injection Vulnerability (CNVD-2018-01347)
Ruby on Rails is a Web application development framework written in the Ruby language. A SQL injection vulnerability exists in the 'reorder' method in Ruby on Rails 5.1.4 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'name' parameter...
Ruby on Rails SQL Injection Vulnerability (CNVD-2018-01350)
Ruby on Rails is a Web application development framework written in the Ruby language. A SQL injection vulnerability exists in the 'findby' method in Ruby on Rails 5.1.4 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'name' parameter...
CVE-2017-17916
SQL injection vulnerability in the 'findby' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...