CVE-2019-4650

IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961...

CVE-2020-3184

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates...

SAP Adaptive Server Enterprise SQL Injection Vulnerability (CNVD-2020-29750)

SAP Adaptive Server Enterprise is a relational database server from SAP. A SQL injection vulnerability exists in SAP Adaptive Server Enterprise. An attacker could exploit this vulnerability by executing specially crafted query statements to elevate privileges, modify database objects, or execute...

CVE-2020-6253

Under certain conditions, SAP Adaptive Server Enterprise Web Services, versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL...

Centreon 19.10.5 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Centreon 19.10.5 - 'id' SQL Injection Exploit Author: Basim alabdullah Vendor Homepage: https://www.centreon.com Software Link: https://download.centreon.com/ Version: v.19.10.5 Tested on: Centos 5 EXECUTIVE SUMMARY Centreon has...

Aruba Networks ClearPass Access Control Error Vulnerability

Aruba Networks ClearPass is an access management system from Aruba Networks that integrates network control, application and device management capabilities. A security vulnerability exists in Aruba Networks ClearPass versions 6.8.x prior to 6.8.4 and 6.7.x prior to 6.7.13. An attacker could explo...

Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential validation vulnerability (CVE-2019-4518)

Summary IBM Financial Transaction Manager for Check Services FTM CHK for Multi-Platform has addressed the following vulnerability. A potential validation vulnerability does not properly validate input which could allow an authenticated user to issue server commands or modify data in the database...

Sql injection

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-e...

CVE-2019-15972

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...

Sql injection

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...

CVE-2019-15972 Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

CVE-2017-15365

It was discovered that MariaDB could replicate certain data definition language DDL commands to other cluster nodes despite an access control check failure. A user with an SQL access to the server could possibly use this flaw to perform database modification on certain cluster nodes without havin...

CVE-2019-16383

MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an attacker...

UBUNTU-CVE-2019-16391

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiseraction.php...

PT-2019-4106 · Spip +1 · Spip +1

Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 3.1.11 SPIP versions 3.2 prior to 3.2.5 Description: The issue is related to improper authorization in the SPIP content management system. It allows a remote attacker to compromise data integrity. Specifically, the...

CVE-2019-4147

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413...

WordPress Plugin JoomSport 3.3 - SQL Injection

Exploit Title: JoomSport 3.3 – for Sports - SQL injection Google Dork: intext:powered by JoomSport - sport WordPress plugin Date:29/07/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://beardev.com/ Software Link: https://wordpress.org/plugins/joomsport-sports-league-results-management...

CVE-2019-14348

The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsportseason/new-yorkers/?action=playerlist sid parameter...

CVE-2019-7889

An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data o...