SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory 20151022-0. title: Multiple critical vulnerabilities; product: Lime Survey; vulnerable version: 2.05 up to 2.06+ Build 151014; fixed version: 2.06+ Build 151016; CVE number: impact:...
Joomla SQL Injection Vulnerability (CNVD-2015-06804)
Joomla is a content management system developed with PHP and a MySQL database that runs on Linux, Windows, MacOSX, Solaris and many other platforms. A SQL injection vulnerability has been disclosed in Joomla. By comprehensively exploiting the vulnerability, attackers can obtain the website database...
SQL Injection Vulnerability in Guangzhou Shengqi Computer E-Government System
Shengqi is China's first professional high-tech enterprise integrating research, development and technical service of intelligent management systems for state-owned assets. A SQL injection vulnerability exists in Centec's e-government system. By comprehensively exploiting the vulnerability, an...
ManageEngine ServiceDesk Plus Multiple Vulnerabilities (Oct 2015)
ManageEngine ServiceDesk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Web Reference Database SQL Injection Vulnerability
Web Reference Database is a web-based multi-user interface product that provides search tools and automatic indexing for managing scientific literature. A security vulnerability in the Web Reference Database install.php script handling the 'defaultCharacterSet' parameter allows remote attackers t...
SQL Injection Vulnerability in Elephant Swarm Website Management System
Elephant Herd Website Management System is a system developed by Century Elephant Herd Culture Communication Beijing Co. There is a generic SQL injection vulnerability in the Elephant Group website management system, and most websites have the same administrative password in the backend, allowing...
CmsTop Media Edition SQL Injection Vulnerability
CmsTop is a content management system (CMS) for domestic media websites, mainly serving online media, newspapers, magazines, radio and television, government and large and medium-sized enterprises, and has served more than one hundred well-known media websites. There is a SQL injection...
SQL Injection Vulnerability in WebappCode Parameter of Government Website Building System of Beijing Hezheng Software Co.
Government website system is a set of software developed specifically for government websites. A SQL injection vulnerability exists in the webappCode parameter of the government website system belonging to Beijing Hezheng Software Co. The vulnerability allows an attacker to exploit the...
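ISPConfig <= 3.0.5.4p7 monitor/show_sys_state.php SQL Injection Vulnerability
Incomplete filtering leads to SQL injection. Through the server parameter passed via HTTP GET to the /monitor/show_sys_state.php page, an attacker can pass in arbitrary malicious SQL commands and have them executed in the database. Successful exploitation of this vulnerability can give the attacker read and write access to the database and even endanger the entire web application. At this point, however, the vulnerability is still of limited practical use, because to carry out the attack the attacker must be an authenticated user and must also have the monitor permission. However, combined with CSRF Cross-Site Request Forgery in ISPConfig:...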
SQL Injection Vulnerability in Panmicro E-office /E-mobile/flow/flowtype_free.php Parameter
Panmicro E-office is an OA product launched by Panmicro for small and medium-sized organizations. A SQL injection vulnerability exists in the Panmicro E-office /E-mobile/flow/flowtype_free.php parameter, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Cloud Recording and Broadcasting Platform of Beijing Hanboer Information Technology Co.
The Cloud Recording Platform is a platform that automatically uploads lessons recorded through multimedia teaching recording technology. A SQL injection vulnerability exists in the Cloud Recording Platform of Beijing Humber Information Technology Co. An attacker can use it to obtain sensitive...
SQL Injection Vulnerability in Online Conference System of Beijing Gobit Technology Co.
Online meeting system of Beijing Gobitech Technology Co. A SQL injection vulnerability exists in the Online Conference System of Beijing Gobitech Technology Co. The deptid parameter is injectable, which can be used by an attacker to launch an attack and obtain sensitive information from the database...
SQL Injection Vulnerability in Enterprise Intelligence's Network Office Management Expert System
Network Office Management Expert System is a network office system with a great deal of specialized knowledge. A SQL injection vulnerability exists in the Network Office Management Specialist System, which is owned by Enterprise Intelligence. It allows attackers to exploit the vulnerability to ga...
CMS System SQL Injection Vulnerability of Jiangsu NetShen E-commerce Technology Co.
Jiangsu NetShen E-commerce Technology Co., Ltd. is one of the earlier-established, larger domestic providers of basic network application services with a wide service network, providing enterprises and institutions with domain name registration, web hosting, enterprise post office, websit...
SQL Injection Vulnerability in HODE-CMS Website Management Platform
Nanjing SidiMed Software Co., Ltd. is a joint-stock private enterprise mainly focusing on application software development, and is committed to the development and promotion of software application platform technology. A SQL injection vulnerability exists in the HODE-CMS website management platform. An...
Xceedium Xsuite Arbitrary Access to Root User Vulnerability
Xceedium Xsuite is a unified identity management solution from Xceedium that provides access control, monitoring and logging capabilities for hybrid cloud environments. The solution supports access control policies based on roles or individual users. Xceedium Xsuite has a security vulnerability d...
JeeCMS Government Service Center Member Reservation SQL Injection Vulnerability
JEECMS is a domestic open source web content management system written in Java (java cms, or jsp cms for short). A SQL injection vulnerability exists in the member reservation function of the JeeCMS Government Service Center. It allows attackers to exploit the vulnerability to obtain sensitive...
Multiple SQL Injection Vulnerabilities in Cacti
Cacti is a set of open source network traffic monitoring and analysis tools. Cacti suffers from multiple SQL injection vulnerabilities due to the program's failure to properly filter user-supplied input before using it in a SQL query, allowing an attacker to compromise the application, access or...
Vulnerabilities Identified in Several WordPress Plugins
Researchers have identified a handful of vulnerabilities present in three different plugins used by the content management system WordPress. The issues, most of which are cross-site scripting (XSS) vulnerabilities, could give some users administrative privileges, warns dxw Security, a British firm...
Koha SQL Injection Vulnerability
Koha is the first open source library automation system. Koha suffers from an SQL injection vulnerability that could be exploited by an attacker to access or modify database data...