Lucene search

3894 matches found

CNVD
added 2017/06/16 12:0 a.m. | 1 views

SQL Injection Vulnerability in Website Building System of Guangzhou Shuntian Computer Technology Co.

Shun Tian Technology is a domestic senior network technology service provider, with international leading website development technology, e-commerce technology, website full range of promotional technology and attentive after-sales customer service team. Guangzhou Shuntian Computer Technology Co....

7.9 AI score
Exploits 0

CNVD
added 2017/06/14 12:0 a.m. | 1 views

Schneider Electric U.motion Builder loadtemplate remote code execution vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder loadtemplate. The underlying SQLite database query requires SQL injection on the tpl input parameter. A remote attacker could exploit this...

9.3 AI score
Exploits 0 | References 1

Citrix
added 2017/06/14 12:0 a.m. | 11 views

XenMobile Server is in recovery mode "application failed to start"

Could be observed in multiple scenarios: 1. Unable to access one of the nodes in the cluster. 2. Server went into recovery mode while upgrading or applying a patch. 3. Server went into recovery mode when the database is not accessible. 4. SQL Server ran out of space for the log drive. Node in recovery mode an...

7.1 AI score
Exploits 0

CNVD
added 2017/06/12 12:0 a.m. | 1 views

Joomla COM_FWZ_EVENTS SQL Injection Vulnerability

Joomla is an open source, cross-platform content management system (CMS) developed using PHP and MySQL. A SQL injection vulnerability exists in Joomla COM_FWZ_EVENTS version 1.0, which can be exploited by attackers to obtain sensitive database information...

8 AI score
Exploits 0 | References 1

CNVD
added 2017/06/12 12:0 a.m. | 2 views

SQL injection vulnerability in the keyword parameter of KesionCMS KS.LogPoint.asp page

KesionCMS is a universal station-building system developed by Xiamen Kesion Software Co., Ltd. A SQL injection vulnerability exists in the keyword parameter of the KesionCMS KS.LogPoint.asp page. Because the background page KS.LogPoint.asp does not strictly filter the parameter keyword, an...

7.6 AI score
Exploits 0

CNVD
added 2017/06/09 12:0 a.m. | 1 views

Multiple SQL Injection Vulnerabilities in Cisco Unified Communications Domain Manager

Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. Multiple SQL injection vulnerabilities exist in Cisco Unified Communications Domain Manager. A failure of the program to properly filter user-supplied data prior to an SQL query could allow an...

4.9 CVSS | 7.7 AI score | 0.01309 EPSS
Exploits 0 | References 1

OpenVAS
added 2017/06/07 12:0 a.m. | 31 views

Dolibarr < 5.0.3 SQLi Vulnerability

Dolibarr is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr";...

9.8 CVSS | 9.9 AI score | 0.01478 EPSS
Exploits 0 | References 2

CNVD
added 2017/06/06 12:0 a.m. | 1 views

WSTMALL Mall System v1.9.2 SQL Injection Vulnerability in pkey Parameter

WSTMall is a multi-commercial O2O open source system developed by Merchant Software based on thinkphp. It helps businesses and individuals quickly build a community service system. The pkey parameter of WSTMALL mall system version V1.9.2 has a SQL injection vulnerabilit...

7.8 AI score
Exploits 0

CNVD
added 2017/06/06 12:0 a.m. | 3 views

WSTMALL Mall System v1.9.2 SQL Injection Vulnerability in viewGoods Parameter

WSTMall is a multi-commercial O2O open source system developed by Merchant Software based on thinkphp. It helps businesses and individuals quickly build a community service system. The viewGoods parameter of WSTMALL mall system version V1.9.2 has a SQL injection vulnerability, the...

7.9 AI score
Exploits 0

CNVD
added 2017/06/05 12:0 a.m. | 1 views

SQL injection vulnerability exists in tpshop2.0 foreground

TPshop open source mall system (Thinkphp shop for short) is a multi-merchant mall system developed by Shenzhen Soleil Networks Ltd. A SQL injection vulnerability exists in the tpshop2.0 foreground, allowing attackers to exploit the vulnerability to obtain sensitive...

7.1 AI score
Exploits 0

CNVD
added 2017/06/05 12:0 a.m. | 1 views

Parameters in userinfo.php in Shield Spirit public number promotion system v1.3 have SQL injection vulnerabilities

Shield Spirit public number promotion system is mainly applied to public number promotion alliances, and is suitable for personal and business subscription numbers, service numbers or enterprise numbers. Parameters of userinfo.php in Shield Spirit public promotion system v1.3 are subject to SQL injection...

7.4 AI score
Exploits 0

CNVD
added 2017/06/01 12:0 a.m. | 1 views

WordPress Huge-IT Video Gallery Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. A SQL injection vulnerability exists in the WordPress Huge-IT Video Gallery plugin. The vulnerability allows attackers to access, modif...

7.7 AI score
Exploits 0 | References 1

CNVD
added 2017/05/25 12:0 a.m. | 1 views

Joomla VideoFlow SQL Injection Vulnerability

Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in Joomla VideoFlow. An attacker can exploit this vulnerability to gain access to sensitive database information...

8.1 AI score
Exploits 0 | References 1

exploitpack
added 2017/05/17 12:0 a.m. | 25 views

INFOR EAM 11.0 Build 201410 - filtervalue SQL Injection

INFOR EAM 11.0 Build 201410 - filtervalue SQL Injection SQL injection in INFOR EAM V11.0 Build 201410 search fields web/base/.. via filtervalue parameter ------------------- Assigned CVE: CVE-2017-7952 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to any page with ...

6.5 CVSS | 0.1 AI score | 0.01443 EPSS
Exploits 5

exploitpack
added 2017/05/09 12:0 a.m. | 18 views

Personify360 7.5.27.6.1 - Improper Database Schema Access Restrictions

Personify360 7.5.27.6.1 - Improper Database Schema Access Restrictions Exploit Title: Discover all tables and columns in database when creating new customer role Date: 3/29/2017 Exploit Author: Pesach Zirkind Vendor Homepage: https://personifycorp.com/ Version: 7.5.2 - 7.6.1 Tested on: Windows al...

5 CVSS | 0.6 AI score | 0.03331 EPSS
Exploits 3

CNVD
added 2017/05/06 12:0 a.m. | 1 views

SQL Injection Vulnerability in the Content Parameter of smsreportxiang.jsp File on ECS Customer Management Platform

Enterprise letter is a value-added SMS service developed in Java and tailored to enterprise customers, who can use it at their computers to combine office work with internal SMS communication. SQL injection...

7.7 AI score
Exploits 0

0day.today
added 2017/05/05 12:0 a.m. | 31 views

WordPress WebDorado Gallery 1.3.29 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Source: http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf DefenseCode ThunderScan SAST Advisory WordPress WebDorado Gallery Plugin - SQL Injection Vulnerability Advisory ID: DC-2017-02-011 Software...

6.7 AI score
Exploits 0

exploitpack
added 2017/05/05 12:0 a.m. | 19 views

WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection

WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection Source: http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf DefenseCode ThunderScan SAST Advisory WordPress WebDorado Gallery Plugin - SQL Injection Vulnerability Advisory ID: DC-2017-02-011...

0.5 AI score
Exploits 0

CNVD
added 2017/05/05 12:0 a.m. | 2 views

osCommerce TemplateMonster Plugin SQL Injection Vulnerability

osCommerce is an open source e-commerce program. A SQL injection vulnerability exists in the idtag parameter in the tagproducts.php page of the osCommerce plugin TemplateMonster. An attacker can exploit the vulnerability to inject or manipulate SQL queries in the backend database to obtain...

6.5 CVSS | 7.9 AI score | 0.01798 EPSS
Exploits 1 | References 1

CVE
added 2017/05/01 7:0 p.m. | 51 views

CVE-2017-6564

The CVE-2017-6564 vulnerability affects Franklin Fueling Systems TS-550 evo version 2.3.0.7332. The Guest user (lowest privileges) can post to the idSourceFileName parameter under the /download directory, enabling download of sensitive system files such as databases. This is an information disclo...

6.5 CVSS | 6.3 AI score | 0.00815 EPSS
Exploits 0 | References 2 | Affected Software 1