
545 matches found

OSV
added 2018/05/23 4:29 p.m. | 2 views

CVE-2018-10352

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability...

8.8 CVSS | 6.1 AI score | 0.02164 EPSS
Exploits: 0 | References: 2

OSV
added 2018/05/23 4:29 p.m. | 1 view

CVE-2018-10351

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability...

8.8 CVSS | 6.1 AI score
Exploits: 0 | References: 2

CNVD
added 2018/05/17 12:00 a.m. | 2 views

ProjectPier PHP Remote File Inclusion Vulnerability

Project Pier is a free open source project management system. A PHP remote file inclusion vulnerability exists in the public/patch/patch.php file in Project Pier 0.8.8 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands or SQL statements with the...

9.8 CVSS | 8.2 AI score | 0.01862 EPSS
Exploits: 2 | References: 1

Packet Storm
added 2018/04/23 12:00 a.m. | 41 views

phpMyAdmin Cross Site Request Forgery

Exploit Title: phpMyAdmin 4.8.0 Drop database 3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer. 4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188...

0.9 AI score | 0.0496 EPSS
Exploits: 5

BDU FSTEC
added 2018/04/20 12:00 a.m. | 3 views

The vulnerability of the policy.jsp script in the Email Encryption Gateway allows a hacker to execute arbitrary SQL queries.

The vulnerability of the policy.jsp script in the Email Encryption Gateway system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the hidEditld parameter...

10 CVSS | 6 AI score | 0.10813 EPSS
Exploits: 5 | References: 5 | Affected Software: 1

OSV
added 2018/04/19 2:29 p.m. | 16 views

CVE-2018-10188

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...

8.8 CVSS | 9.3 AI score
Exploits: 0 | References: 4

OSV
added 2018/04/19 2:29 p.m. | 1 view

DEBIAN-CVE-2018-10188

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...

8.8 CVSS | 8.1 AI score | 0.0496 EPSS
Exploits: 5 | References: 1

phpMyAdmin
added 2018/04/17 12:00 a.m. | 58 views

CSRF vulnerability allowing arbitrary SQL execution

Announcement-ID: PMASA-2018-2. Date: 2018-04-17. Summary: CSRF vulnerability allowing arbitrary SQL execution. Description: By deceiving a user to click on a crafted URL, it is possible for an attacker to execute arbitrary SQL commands. Severity: We consider this vulnerability to be...

8.8 CVSS | 7.6 AI score | 0.0496 EPSS
Exploits: 5 | Affected Software: 1

CNVD
added 2018/04/04 12:00 a.m. | 5 views

GxlcmsQY Arbitrary PHP Code Execution Vulnerability

Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the 'upsql' function in the \Lib\Lib\Action\Admin\DataAction.class.php file in Gxlcms QY version 1.0.0713. A remote attacker can exploit this vulnerability by executing arbitrary SQL statements with the help of...

9.8 CVSS | 8 AI score | 0.01577 EPSS
Exploits: 1 | References: 1

OSV
added 2018/02/14 12:29 p.m. | 2 views

CVE-2018-2373

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0...

7.5 CVSS | 5.9 AI score | 0.01172 EPSS
Exploits: 0 | References: 2

Fedora
added 2018/01/02 4:29 p.m. | 22 views

[SECURITY] Fedora 26 Update: phpMyAdmin-4.7.7-1.fc26

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

1.3 AI score
Exploits: 0

Hacker One
added 2017/10/31 2:44 p.m. | 70 views

Gratipay: Reflected SQL Execution

my friend are the best hackers hackerone.com/rashidziaur hackerone.com/smziaurrashid hackerone.com/s4k16 they teach me how to hack a toaster F234731 Please Giv us $$$$$ for our family we are pooor . please consider this bug in your site F234733...

6.8 AI score
Exploits: 0

seebug.org
added 2017/10/25 12:00 a.m. | 35 views

Anonymous SQL Execution in Oracle Advanced Support

A little over a year ago I was performing a penetration test on a client's external environment. One crucial step in any external penetration test is mapping out accessible web servers. The combination of nmap with EyeWitness make this step rather quick as we can perform port scanning for web...

8.1 AI score
Exploits: 0

CNVD
added 2017/09/15 12:00 a.m. | 2 views

WordPress wordpress-gallery-transformation SQL Injection Vulnerability

WordPress wordpress-gallery-transformation is a website wallpaper plugin for WordPress. The ./wordpress-gallery-transformation/gallery.php file in WordPress wordpress-gallery-transformation version 1.0 contains a SQL injection vulnerability that stems from the program failing to filter the...

9.8 CVSS | 9.9 AI score | 0.02024 EPSS
Exploits: 1 | References: 1

CNVD
added 2017/09/15 12:00 a.m. | 1 view

WordPress Membership Simplified SQL Injection Vulnerability

WordPress Membership Simplified is a WordPress-specific membership plugin developed by American software developer William. A SQL injection vulnerability exists in the code of the membership-simplified-for-oap-members-only/updateDB.php file in WordPress Membership Simplified version 1.58, which...

9.8 CVSS | 8.6 AI score | 0.02277 EPSS
Exploits: 1 | References: 1

CNVD
added 2017/09/15 12:00 a.m. | 2 views

Wordpress plugin image-gallery-with-slideshow SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on servers with PHP and MySQL. The WordPress plugin image-gallery-with-slideshow has a SQL injection vulnerability; the vulnerability stems from the program failing t...

9.8 CVSS | 8.2 AI score | 0.03435 EPSS
Exploits: 1 | References: 1

OSV
added 2017/09/11 9:29 a.m. | 0 views

UBUNTU-CVE-2017-14242

SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter...

9.8 CVSS | 7.7 AI score | 0.01307 EPSS
Exploits: 0 | References: 2

WPVulnDB
added 2017/09/02 12:00 a.m. | 13 views

SQL Shortcode <= 1.1 - Authenticated SQL Execution

It's not an SQL injection actually, it's just executing SQL with an account as low-privileged as a subscriber. The plugin description says it all. This https://blog.sucuri.net/2016/08/sql-injection-vulnerability-ninja-forms.html great article will help understanding how to exploit shortcodes and...

0.3 AI score
Exploits: 0 | References: 1 | Affected Software: 1

wpexploit
added 2017/09/02 12:00 a.m. | 18 views

SQL Shortcode <= 1.1 - Authenticated SQL Execution

It's not an SQL injection actually, it's just executing SQL with an account as low-privileged as a subscriber. The plugin description says it all. This https://blog.sucuri.net/2016/08/sql-injection-vulnerability-ninja-forms.html great article will help understanding how to exploit shortcodes and...

0.5 AI score
Exploits: 0 | References: 1

CNVD
added 2017/08/29 12:00 a.m. | 2 views

Command Execution Vulnerability in Xinqi Online Learning System /ajax/GetForm.ashx Page

Online Learning System is an e-learning platform system developed in . A command execution vulnerability exists in the /ajax/GetForm.ashx page of Xinqi Online Learning System. An attacker can exploit this vulnerability to execute arbitrary SQL statements...

8.2 AI score
Exploits: 0