CVE-2018-6494

HP Service Manager (Web Tier) is affected by a Remote SQL Injection in versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, and 9.51. Root cause indicated as improper input validation in the web tier, enabling an attacker to disclose data. Exploitation details, working exploit code, or ...

PT-2018-17584 · Hewlett Packard · Hp Network Operations Management Ultimate +1

Name of the Vulnerable Software and Affected Versions: HP Network Operations Management Ultimate versions 2017.07 through 2018.02 HP Network Automation versions 10.00 through 10.50 Description: The issue allows for remote SQL injection, which could be exploited to gain unauthorized access...

CVE-2018-8953

CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request...

CVE-2018-9247

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a ?php substring, and then using INTO OUTFILE wit...

CVE-2018-7735

Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=listfiletypes request...

CVE-2018-7735

Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=listfiletypes request...

CVE-2018-7734

Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request...

CVE-2017-5814

A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found...

CVE-2017-5814

CVE-2017-5814 is a remote SQL injection authentication bypass affecting HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The vulnerability stems from a SQL injection flaw used to bypass authentication, enabling an attacker to potentially access the application and back-end data...

CVE-2017-5810

CVE-2017-5810 is a remote SQL injection in HP Network Automation, affecting 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The issue arises in the RedirectServlet due to insufficient sanitization of certain HTTP request parameters, enabling an unauthenticated or remote attacker to inject SQL and potentially...

CVE-2017-5810

A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found...

CVE-2017-14738

FileRun version 2017.09.18 and below suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module under the search function...

WordPress Membership Simplified SQL Injection Vulnerability

WordPress Membership Simplified is a WordPress-specific membership plugin developed by American software developer William. A SQL injection vulnerability exists in the code of the membership-simplified-for-oap-members-only/updateDB.php file in WordPress Membership Simplified version 1.58, which...

Wordpress plugin image-gallery-with-slideshow SQL injection vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Wordpress plugin image-gallery-with-slideshow SQL injection vulnerability, the vulnerability stems from the program failing t...

WordPress Event Expresso Free SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Event Expresso Free is one of the event management plugin. A SQL injection vulnerability exists in WordPress Event...

UBUNTU-CVE-2017-14242

SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter...

CVE-2016-5742

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

dotCMS 'stName' Parameter SQL Injection Vulnerability

dotCMS is a content management system CMS developed in Java. A SQL injection vulnerability exists in the 'stName' parameter in dotCMS versions prior to 3.3.2, which allows remote attackers to execute arbitrary SQL commands via the stName parameter in api/content/save/1...

Schoolhos CMS v2.29 - userberita SQL injection Vulnerability

Document Title: =============== Schoolhos CMS v2.29 - userberita SQL injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1932 Release Date: ============= 2016-11-22 Vulnerability Laboratory ID VL-ID: ==================================...

phpIPAM <= 1.2.1 Multiple Vulnerabilities

phpIPAM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpipam:phpipam"; ifdescription...