1361 matches found
CVE-2016-6317
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
CVE-2016-6317
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
CVE-2016-6317
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
Design/Logic Flaw
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
CVE-2016-6317
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
CVE-2016-6317
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
SQL Injection Vulnerability in hdcms Framework rname Parameter
HDCMS is a content management system package written in PHP. A SQL injection vulnerability exists in the rname parameter of the hdcms framework, as the program fails to adequately filter the rname parameter and only does corresponding code auditing on the source code. An attacker is allowed to...
SQL Injection Vulnerability in Doccms
Rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. Doccms SQL injection vulnerability , due...
PHPBack SQL Injection Vulnerability
PHPBack is an open source Web application feedback system . PHPBack suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to manipulate or obtain database data...
TYPO3 without PHP extension SQL injection vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF maintained by the TYPO3 Association in Switzerland.Browser - TYPO3 without PHP Browser is one of the extensions that enable browsers to develop TYPO3 without PHP code. A SQL injection vulnerability exists in TYPO3 without...
CVE-2016-1562
The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter...
webSPELL SQL Injection Vulnerability
webSPELL is a WEB-based content management program. A SQL injection vulnerability exists in webSPELL. Input passed to the "/cashbox.php" script via the "payid" HTTP POST parameter is not sufficiently filtered, allowing an attacker to query the application's database and execute arbitrary SQL...
Joomla! com_memorix component 'index.php' SQL Injection Vulnerability
Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A SQL injection vulnerability exists in the Joomla commemorix component 'index.php'. The vulnerability exists becau...
AlegroCart 1.2.8 - Multiple SQL Injections
AlegroCart 1.2.8 - Multiple SQL Injections Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL...
Codoforum has multiple vulnerabilities
Codoforum is a free PHP and MySQL based forum software. A SQL injection vulnerability and a cross-site scripting vulnerability exists in Codoforum version 3.3.1, which can be exploited by an attacker to steal cookie-based authentication, take control of an application, access or modify data, or...
GTLVote 1.1 SQL Injection
Exploit Title: GTLVote 1.1 SQLi Injection Vulnerability. + Discovered By: Jackson Security Engineer @ Panel Solutions + Worried about being attacked by a 0day? We secure your web applications before an attack occurs @ Secure Hosting Solutionhttp://panelsec.com/ + My Homepage: http://panelsec.com/...
ManageEngine Applications Manager CommonAPIUtil getMGDetails Remote Code Execution Vulnerability
ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. A remote code execution...
ManageEngine Applications Manager CommonAPIUtil getAdminMG Remote Code Execution Vulnerability
ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. A remote code execution...
Drupal WikiWiki Module SQL Injection Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A SQL injection vulnerability exists in the Drupal WikiWiki module. It allows remote attackers to execute arbitrary SQL commands...
ROCBOSS 1.1 /module/user.module.class.php SQL注入漏洞
漏洞文件: \module\user.module.class.php 第11行代码: $userInfo=Common::getMemberInfo$this-db,isnumeric$userId ? 'uid' : 'nickname', $userId; 这一行代码进行了数据库查询,关键之处在$userId这个变量上 向上回溯到第10行代码: $userId=isset$GET'id' && trim$GET'id' != '' ? $GET'id' : $this-loginInfo'uid'; 当$GET‘id’被赋值的时候这个参数就能控制了,而且没有进行过滤。...