Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Investigate endpoint in RestfulServiceUtility.NET.dll. The issue results...
Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SupportTree endpoint in RestfulServiceUtility.NET.dll. The issue results...
SQL Injection
zendframework/zendframework1 is vulnerable to SQL injection. The PDO adapters do not filter null bytes from SQL statements, allowing attackers to leverage this flaw to inject and execute SQL queries...
CVE-2017-6698
A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More...
Cisco Prime Infrastructure SQL Injection Vulnerability (cisco-sa-20170621-piepnm2)
A vulnerability in the Cisco Prime Infrastructure (PI) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries.
SQL Injection
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected...
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities
Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and...
TeamPass < 2.1.25 Multiple Vulnerabilities (Jan 2016)
TeamPass is prone to multiple vulnerabilities.
CVE-2017-3886
CVE-2017-3886 maps to Cisco Unified Communications Manager SQL Injection via the web interface. The vulnerability is triggered by an authenticated administrative user who can execute arbitrary SQL queries, potentially compromising confidentiality. Affected releases include 1.0(1.10000.10) and 11....
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The attacker must be authenticated as an administrative user to execute SQL database queries. The...
IBM Tivoli Storage Manager Server Buffer Overflow Vulnerability
IBM Tivoli Storage Manager Server is a suite of storage management software solutions for the areas of data protection, space management and archiving, business resilience, and disaster recovery from IBM in the United States. The solution reduces the risk of data loss by automating data backup an...
SQL Injection
loopback-connector-postgresql is vulnerable to SQL injection attacks. This is because user-supplied inputs are not properly sanitized before using them in SQL queries, allowing a remote attacker to inject or manipulate SQL queries in the back-end database...
Fedora 25 : phpMyAdmin (2017-360e912fdb)
Welcome to phpMyAdmin 4.6.6, a release containing security and bug fixes. This release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are...
Fedora 24 : phpMyAdmin (2017-294c23bb1d)
Welcome to phpMyAdmin 4.6.6, a release containing security and bug fixes. This release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are...
Advantech WebAccess 'updateTemplate.aspx' SQL Injection and Authentication Bypass Vulnerabilities
Advantech WebAccess is prone to an SQL injection (SQLi) vulnerability and an authentication-bypass vulnerability.
Sophos XG Firewall Controller filter SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos XG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the filter parameter provided to the /userportal/Controller endpoint. T...
WordPress Symposium Plugin SQL Injection (CVE-2015-6522)
An SQL injection vulnerability exists in the WordPress Symposium Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
SQL Injection
A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...
CVE-2016-6443
A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...
CVE-2016-6443
CVE-2016-6443 affects Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM) with a SQL database interface vulnerability. The issue is a lack of input validation in SQL queries, allowing an authenticated, remote attacker to execute a subset of arbitrary SQL statements that can...