GPS Tools Component SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A SQL injection vulnerability exists in the Joomla GPS Tools component. An attacker can exploit the vulnerability t...

CVE-2016-9993

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1992067...

Joomla djcatalog2 Component SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla djcatalog2 component. An attacker can exploit the vulnerability to access or modify database data...

Joomla JE Form Creator Component SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla JE Form Creator component, which can be exploited by attackers to access or modify database data...

Vik Booking Component SQL Injection Vulnerability in Joomla!

Joomla! is a globally recognized content management system. vik Booking is a functional plugin based on Joomla! A SQL injection vulnerability exists in the Vik Booking component of Joomla! that can be exploited by attackers to access or modify database data...

CVE-2016-7792

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it...

CVE-2016-7792

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it...

Code injection

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it...

e107 CMS is less than or equal to 2. 1. 2 elevation of privilege vulnerability analysis-vulnerability warning-the black bar safety net

0x00 vulnerability background e107 CMS is a based on PHP, Bootstrap, Mysql, web site content management system, can be widely used for personal blogs, enterprise built station, in the global range more widely. 0x01 vulnerability affects version version 0x02 vulnerability analysis of the environme...

Cybozu Garoon SQL Injection Vulnerability (CNVD-2016-12886)

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin boards, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. A SQL injection vulnerability...

SQL Servers SQL Injection Obfuscation Techniques (CVE-2014-9239; CVE-2020-10546; CVE-2020-10547; CVE-2020-10548; CVE-2020-10549)

Attackers may use SQL injection techniques in order to execute SQL commands on SQL servers. To avoid detection by security devices, such attackers might use various obfuscation techniques to conceal their actions. Successful exploitation could allow an attacker to disclose confidential informatio...

Ubiquiti UniFi AP AC Lite Database Modification Vulnerability

Ubiquiti UniFi AP AC Lite is a network access point product from Ubiquiti, China. A database modification vulnerability exists in Ubiquiti UniFi AP AC Lite version 5.2.7, which can be exploited by an attacker to directly modify the database...

CVE-2016-3914

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open...

Race condition

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open...

Navis WebAccess SQL Injection Vulnerability

Navis WebAccess is a set of Web-based applications from Navis, Inc. that provide cross-endpoint access to transaction data through a Web browser. A SQL injection vulnerability exists in Navis WebAccess, which arises from the program's failure to adequately filter user-submitted input before...

PHPBack SQL Injection Vulnerability

PHPback is an open source web application feedback system that provides users with feedback on issues and suggestions to help improve the site. A SQL injection vulnerability exists in the 'orderby' parameter in PHPBack version 3.0. Allow attackers to exploit the vulnerability to modify the conten...

Multiple Vulnerabilities in ManageEngine Firewall Analyzer

ManageEngine Firewall Analyzer is a web-based firewall log analysis tool from Zoho that collects, correlates, and reports on enterprise-wide logs from firewalls, proxy servers, and Radius servers. Elevation of privilege and SQL injection vulnerabilities exist in ManageEngine Firewall Analyzer,...

ManageEngine Firewall Analyzer 'runQuery.do' SQL Injection Vulnerability

ZOHO ManageEngine Firewall Analyzer is a web-based firewall log analysis tool from ZOHO that collects, correlates, and reports on enterprise-wide logs from firewalls, proxy servers, and Radius servers. A SQL injection vulnerability exists in ZOHO ManageEngine Firewall Analyzer, which stems from t...

SUSE-SU-2016:0429-1 Security update for krb5

This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database bsc963968 - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash bsc963964 -...

Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery

Exploit for php platform in category web applications + Credits: hyp3rlinx Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================== Advanced Electron Forum v1.0.9 AEF Exploit patched current version. Vulnerability Type: ===================...