3894 matches found
IBM Sterling B2B Integrator Information Disclosure Vulnerability (CNVD-2016-00155)
IBM Sterling B2B Integrator supports highly secure integration of complex B2B processes with diverse partner communities. An information disclosure vulnerability exists in IBM Sterling B2B Integrator 5.2. It allows a local user to obtain sensitive plaintext web service information by exploiting...
Design/Logic Flaw
IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access...
CVE-2015-7438
IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access...
SQL Injection Vulnerability in Broadband Authentication and Billing System of Chengdu Starry Blue Ocean Network Technology Co.
Blue Ocean Premier Broadband Access Gateway is a specialized intelligent device for Ethernet broadband access. SQL injection vulnerability exists in the broadband authentication billing system of Chengdu Starry Blue Ocean Network Technology Co., Ltd. There is an injection point in the back-end...
WordPress Welcart plugin SQL injection vulnerability (CNVD-2015-08468)
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; the platform supports personal blog sites on PHP and MySQL servers. Welcart is one of the plug-ins used to create shopping sites. A SQL injection vulnerability exists in WordPress Welcart...
Multiple Vulnerabilities in the Program Management System of Zhengzhou Wecom Technology Co.
WKM Technology is a provider of broadband network multimedia application system solutions and equipment, a system integrator and information service provider, and a provider of Beidou timing application system solutions and equipment; its main business is education informatization, party members ...
SQL Injection in Osclass
High-Tech Bridge Security Research Lab discovered a high-risk SQL injection vulnerability in Osclass, a popular web-based software for building customized classifieds marketplace. The vulnerability can be exploited to gain access to potentially sensitive information in the application database an...
Cisco Videoscape Distribution Suite Service Manager Security Bypass Vulnerability
Cisco Videoscape Distribution Suite Service Manager is a suite of reporting and analysis tools for VDS products from Cisco in the United States. Cisco Videoscape Distribution Suite Service Manager fails to use RBAC control over back-end database access in real-time, allowing remote attackers to...
Ipswitch WhatsUp Gold SQL Injection Vulnerability
Ipswitch WhatsUp Gold is a unified suite of infrastructure and application monitoring software. Ipswitch WhatsUp Gold suffers from a SQL injection vulnerability. Failure to properly filter the 'UniqueID' parameter allows remote attackers to exploit the vulnerability to submit specially crafted SQ...
LOCKON EC-CUBE BbAdminViewsControl Plugin SQL Injection Vulnerability
LOCKON EC-CUBE is an open source platform for building e-commerce websites. BbAdminViewsControl is one of its backend screen management plugins. LOCKON EC-CUBE BbAdminViewsControl suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting...
CVE-2015-6417
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025...
CVE-2015-6417
CVE-2015-6417 affects Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier. The root cause is failure to consistently enforce RBAC for the back-end database, enabling an authenticated remote user to read and write database entries via the GUI or a crafted HTTP request. T...
UFIDA Software TruboCRM Management System SQL Injection Vulnerability
TruboCRM Management System is a customer relationship management system. A SQL injection vulnerability exists in UFIDA Software TruboCRM Management System, which allows attackers to exploit the vulnerability to gain access to sensitive database information...
SQL Injection Vulnerability in Fujian Sichuang Flash Flood Monitoring and Warning System
Fujian SiChuang Software Co., Ltd. is a technology-based enterprise dedicated to the cause of disaster prevention and mitigation in China. A SQL injection vulnerability exists in Fujian SiChuang's flash flood monitoring and early warning system, which allows attackers to utilize commonly used SQL...
SQL Injection Vulnerability in Panmicro Collaborative Business System
Panavision Collaborative Business System is a complete enterprise collaborative work platform. A SQL injection vulnerability exists in the full version of Panmicro Collaborative Business System, which allows attackers to exploit the vulnerability to obtain sensitive information from the database...
CIS Manager SQL Injection Vulnerability
CIS Manager is a content management system. CIS Content Management System 2015-Q4 default.php fails to properly handle the TroncoID parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
SQL Injection Vulnerability in Creative Yingfeng School Office OA System
Think Yingfeng School Office OA System is a comprehensive school management platform. A SQL injection vulnerability exists in versions 3.99 and earlier of the Creative Yingfeng School Office OA System. It allows attackers to exploit the vulnerability to obtain sensitive database information...
The vulnerability of the MySQL database management system allows a hacker to gain access to the database management system or execute arbitrary code.
The vulnerability of the DML sub-component of the MySQL database management system is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the MySQL Server or execute arbitrary code...
Techno Project Japan Enisys Gw SQL Injection Vulnerability
Techno Project Japan Enisys Gw is an open source groupware software from Techno Project Japan. A SQL injection vulnerability exists in Techno Project Japan Enisys Gw. The vulnerability allows remote attackers to submit specially crafted SQL queries or obtain database data...
CVE-2000-1199
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases...