Advantech WebAccess BWSCADASoap Login Method SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Advantech WebAccess. The specific flaw exists within processing of the Login method of the BWSCADASoap entry point. When parsing the ProjectName and Username elements, the process does not properly...

Quest NetVault Backup Server Process Manager Service NVBUJobDefinitions Get Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get method requests. The issue results from t...

Quest NetVault Backup 'NVBUBackup TimeRange' Method SQL Injection Vulnerability

Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability in the handling of NVBUBackup TimeRange method requests in Quest NetVault Backup versions prior to 11.4.5 stems from the program's failure to properly detect user-submitted strings pri...

Quest NetVault Backup SQL Injection Vulnerability (CNVD-2017-37640)

Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability in the handling of NVBUBackupTargetSet Get method requests in Quest NetVault Backup versions prior to 11.4.5 stems from the program's failure to properly inspect user-submitted strings...

Quest NetVault Backup 'NVBUJobDefinitions Get' Method SQL Injection Vulnerability

Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability exists in the handling of NVBUJobDefinitions Get method requests in Quest NetVault Backup, which stems from the program failing to properly detect user-submitted strings before using S...

Quest NetVault Backup SQL Injection Vulnerability (CNVD-2017-37645)

Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability in the handling of NVBUPhaseStatus GetPlugins method requests in Quest NetVault Backup versions prior to 11.4.5 stems from the program's failure to properly inspect user-submitted...

Quest NetVault Backup Server Process Manager Service NVBUTransferHistory Get Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method requests. The issue results from...

Quest NetVault Backup Server Process Manager Service NVBUBackup JobList Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests. The issue results from the...

Quest NetVault Backup Server Process Manager Service NVBUBackupOptionSet Get Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue results from...

Quest NetVault Backup Server Process Manager Service NVBUBackup Get Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from the lack ...

Quest NetVault Backup Server Process Manager Service NVBUBackupTargetSet Get Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method requests. The issue results from...

Quest NetVault Backup Server Process Manager Service NVBUPolicy Get Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The issue results from the lack ...

Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerLicenseManager.dll when executing opcode 0x3b21. The issue result...

Trend Micro Control Manager cmdHandlerNewReportScheduler SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerNewReportScheduler.dll when executing opcode 0x4707. The issue...

Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerStatusMonitor.dll when executing opcode 0x6b1b. The issue results...

Schneider Electric U.motion Builder SOAP Remote Code Execution Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder SOAP. The system allows SOAP requests to execute arbitrary SQL commands. An attacker could exploit the vulnerability to execute arbitrary...

ManageEngine Applications Manager CommonAPIUtil getMGList groupId SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getMGList method of the CommonAPIUtil class. The issue lies in t...

ManageEngine OpManager UpdateProbeUpgradeStatus probeName SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateProbeUpgradeStatus servlet. The issue lies in the failure to sanitize...

Novell Zenworks GetStoredResult.class SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetReRequestData method of the GetStoredResult class. The issue lies in the failur...

Novell Zenworks schedule.ScheduleQuery SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScheduleQuery method of the schedule class. The issue lies in the failure to...