90 matches found
CVE-2018-12039
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...
Web servers PHPMyAdmin Suspicious Table Hyperlink (CVE-2017-1000499)
A PhpMyAdmin user could be subject to a phishing attack. This is due to the way PhpMyAdmin handles modify requests. A successful attack could lead to malicious SQL command execution...
(0Day) Schneider Electric U.motion Builder SOAP Request Remote SQL Command Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary SQL commands on vulnerable installations of Schneider Electric U.Motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of SOAP requests by the web service. The system...
weaver 0A系统在com.eweaver.base.DataAction处存在任意SQL命令执行漏洞
No description provided by source...
Mango Automation Multiple Vulnerabilities
Mango Automation is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
JSPMySQL Administrador CSRF & XSS Vulnerabilities
JSPMySQL Administrador,通过基于jsp技术的B/S模式来远程管理MySQL数据库。下载链接:https://sites.google.com/site/mfpledon/producao-de-software影响版本:JSPMySQL Administrador V.1漏洞类型:CSRF、XSS漏洞等级: 高危CVE-ID:N/A披露时间:供应商通知:2015年8月31日公开披露:2015年9月4日漏洞详情:1)允许远程攻击者在没有CSRF令牌的情况下,在MySQL数据库中执行任意的SQL命令。2)listabd2.jsp中存在XSS的切入点。请求方法:POST ...
ArticleFR 11.06.2014 - 'data.php' Privilege Escalation
Advisory ID: HTB23219 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 11.06.2014 and probably prior Tested Version: 11.06.2014 Advisory Publication: June 11, 2014 without technical details Vendor Notification: June 11, 2014 Public Disclosure: July 30, 2014 Vulnerability Type:...
PT-2012-6157 · Sinapsi +1 · Sinapsi Esolar Light Photovoltaic System Monitor +3
Name of the Vulnerable Software and Affected Versions: Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.28...
kesionCMS 8.0 background holding shell vulnerability-vulnerability warning-the black bar safety net
Some time ago Ghost brother, made a kesion arbitrary download vulnerability on the holding shell further generations. In fact, take the shell was very simple. Method of much is. Just a brother to me get a shell, I just made a to get the shell methods for your reference. The point of sql command...
Debian DSA-2418-1 : postgresql-8.4 - several vulnerabilities
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2012-0866 It was discovered that the permissions of a function called by a trigger are not checked. This...
DSA-2418-1 postgresql-8.4 - several
Bulletin has no description...
Oracle Database Server Multiple Unspecified Vulnerabilities
Oracle database server is prone to SQL command execution vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2010-5022
SQL injection vulnerability in the JExtensions JE Story Submit comjesubmit component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php...
PHP-Nuke Multiple Vulnerabilities
PHP-Nuke is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpnuke:php-nuke"; ifdescription...
CVE-2010-4639
CVE-2010-4639 corresponds to a SQL injection vulnerability in the MySource Matrix product, specifically in index.php where the id parameter can be manipulated to execute arbitrary SQL commands remotely. The entry has a CVSS v2 base score of 7.5 (HIGH) with network attack vector, low complexity, a...
Sql injection
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti aka Mafia Game Script allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2010-1595
Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the 1 c, 2 val1, or 3 ongletbis parameter...
Sql injection
SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter...
Multiple Vulnerabilities: LedgerSMB < 1.2.15
Multiple vulnerabilities: LedgerSMB Synopsis: Two vulnerabilities announced in LedgerSMB for versions prior to 1.2.15 Status: Corrected in version 1.2.15 and later vendor fix available. Impact: Resource exhaustion on server, arbitrary SQL command execution. Other software affected: SQL-Ledger, al...
DSA-1633-1 slash - multiple vulnerabilities
Bulletin has no description...