CVE-2017-12364

A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An...

Sql injection

A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An...

Cisco Prime Service Catalog SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...

Sql injection

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-suppli...

Trend Micro Control Manager CCGIServlet IDTB_GroupName SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

Trend Micro Control Manager CCGIServlet KnownAttackDetectionResult SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

Trend Micro Control Manager CCGIServlet EmailMessageDetected parameters SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

Trend Micro Control Manager CCGIServlet IDCB_SuspiciousThreat SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

Trend Micro Control Manager ProgressReportCGI SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

Trend Micro Control Manager CCGIServlet ID_HIDDEN_UG_STR SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

Trend Micro Control Manager cgiCMUIDispatcher ScheduleDownloadSavedEnableList SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

Trend Micro Control Manager CCGIServlet SHA1DenyDetectionResult SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

Trend Micro Control Manager CCGIServlet CorrelatedIncidentResult SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

Trend Micro Control Manager cgiCMUIDispatcher Login Token SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

EMC AppSync Apollo REST Services SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Appsync. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within Apollo REST...

Advantech WebAccess rmTemplate SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within rmTemplate.aspx. The vulnerability is caused by la...

Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerLicenseManager.dll when executing opcode 0x3b21. The issue result...

Trend Micro Control Manager cmdHandlerNewReportScheduler SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerNewReportScheduler.dll when executing opcode 0x4707. The issue...

Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerStatusMonitor.dll when executing opcode 0x6b1b. The issue results...