1303 matches found

Zero Day Initiative
added 2017/08/02 12:0 a.m., 17 views

Trend Micro Control Manager cmdHandlerNewReportScheduler SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerNewReportScheduler.dll when executing opcode 0x4707. The issue...

7.8 CVSS, 1.4 AI score, 0.24102 EPSS
Exploits: 0, References: 1

Zero Day Initiative
added 2017/08/02 12:0 a.m., 32 views

Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerLicenseManager.dll when executing opcode 0x3b21. The issue result...

7.8 CVSS, 1.6 AI score, 0.3874 EPSS
Exploits: 0, References: 1

Zero Day Initiative
added 2017/08/02 12:0 a.m., 42 views

Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerStatusMonitor.dll when executing opcode 0x6b1b. The issue results...

7.8 CVSS, 4.2 AI score, 0.3874 EPSS
Exploits: 0, References: 1

Zero Day Initiative
added 2017/07/31 12:0 a.m., 27 views

Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Investigate endpoint in RestfulServiceUtility.NET.dll. The issue results...

6 CVSS, 2.5 AI score, 0.14104 EPSS
Exploits: 0, References: 1

Zero Day Initiative
added 2017/07/31 12:0 a.m., 27 views

Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SupportTree endpoint in RestfulServiceUtility.NET.dll. The issue results...

6 CVSS, 2.6 AI score, 0.14104 EPSS
Exploits: 0, References: 1

Veracode
added 2017/07/26 2:57 a.m., 24 views

SQL Injection

zendframework/zendframework1 is vulnerable to SQL injection. The PDO adapters do not filter null bytes from SQL statements, allowing attackers to leverage this flaw to inject and execute SQL queries...

9.8 CVSS, 9.7 AI score, 0.02972 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2017/07/04 12:29 a.m., 16 views

CVE-2017-6698

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More...

5.5 CVSS, 5.8 AI score, 0.00938 EPSS
Exploits: 2, References: 3

OpenVAS
added 2017/06/22 12:0 a.m., 28 views

Cisco Prime Infrastructure SQL Injection Vulnerability (cisco-sa-20170621-piepnm2)

A vulnerability in the Cisco Prime Infrastructure (PI) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries.

5.5 CVSS, 6 AI score, 0.00938 EPSS
Exploits: 2, References: 1

Prion
added 2017/06/13 6:29 a.m., 14 views

SQL injection

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected...

4 CVSS, 5.6 AI score, 0.01309 EPSS
Exploits: 0, References: 3, Affected Software: 1

exploitpack
added 2017/06/08 12:0 a.m., 57 views

IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and...

7.5 CVSS, 0.1 AI score, 0.0493 EPSS
Exploits: 5

OpenVAS
added 2017/04/18 12:0 a.m., 27 views

TeamPass < 2.1.25 Multiple Vulnerabilities (Jan 2016)

TeamPass is prone to multiple vulnerabilities.

9.8 CVSS, 7.4 AI score, 0.03388 EPSS
Exploits: 6, References: 2

CVE
added 2017/04/07 5:0 p.m., 59 views

CVE-2017-3886

CVE-2017-3886 maps to Cisco Unified Communications Manager SQL Injection via the web interface. The vulnerability is triggered by an authenticated administrative user who can execute arbitrary SQL queries, potentially compromising confidentiality. Affected releases include 1.0(1.10000.10) and 11....

4.9 CVSS, 5.6 AI score, 0.01884 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cisco
added 2017/04/05 4:0 p.m., 49 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The attacker must be authenticated as an administrative user to execute SQL database queries. The...

4.9 CVSS, 5.4 AI score, 0.01884 EPSS
Exploits: 0, References: 1

CNVD
added 2017/02/28 12:0 a.m., 2 views

IBM Tivoli Storage Manager Server Buffer Overflow Vulnerability

IBM Tivoli Storage Manager Server is a suite of storage management software solutions for the areas of data protection, space management and archiving, business resilience, and disaster recovery from IBM in the United States. The solution reduces the risk of data loss by automating data backup an...

7.2 CVSS, 8.4 AI score, 0.01697 EPSS
Exploits: 0, References: 1

Veracode
added 2017/02/22 8:56 a.m., 10 views

SQL Injection

loopback-connector-postgresql is vulnerable to SQL injection attacks. This is because user-supplied inputs are not properly sanitized before using them in SQL queries, allowing a remote attacker to inject or manipulate SQL queries in the back-end database...

7.8 AI score
Exploits: 0

Tenable Nessus
added 2017/02/07 12:0 a.m., 25 views

Fedora 24 : phpMyAdmin (2017-294c23bb1d)

Welcome to phpMyAdmin 4.6.6, a release containing security and bug fixes. This release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are...

5.8 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2017/02/07 12:0 a.m., 29 views

Fedora 25 : phpMyAdmin (2017-360e912fdb)

Welcome to phpMyAdmin 4.6.6, a release containing security and bug fixes. This release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are...

5.8 AI score
Exploits: 0, References: 1

OpenVAS
added 2017/01/31 12:0 a.m., 25 views

Advantech WebAccess 'updateTemplate.aspx' SQL Injection and Authentication Bypass Vulnerabilities

Advantech WebAccess is prone to an SQL injection (SQLi) vulnerability and an authentication-bypass vulnerability.

9.8 CVSS, 9.6 AI score, 0.04398 EPSS
Exploits: 3, References: 4

Zero Day Initiative
added 2016/12/15 12:0 a.m., 68 views

Sophos XG Firewall Controller filter SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos XG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the filter parameter provided to the /userportal/Controller endpoint. T...

6.5 CVSS, 8 AI score
Exploits: 0, References: 1

Check Point Advisories
added 2016/12/08 12:0 a.m., 7 views

WordPress Symposium Plugin SQL Injection (CVE-2015-6522)

An SQL injection vulnerability exists in the WordPress Symposium Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

7.5 CVSS, 4.3 AI score, 0.74127 EPSS
Exploits: 5