PT-2018-15506 · Sap · Sap Hana Extended Application Services

Name of the Vulnerable Software and Affected Versions: SAP HANA Extended Application Services version 1.0 Description: The issue allows unauthenticated users to misuse a specific endpoint of the Controller's API to execute SQL statements, potentially delivering information about system...

OTCMS PHP_V2.83 code execution vulnerability in sysCheckFile_deal.php file

Nettitanium Article Management System OTCMS is a news/article publishing website using PHP+sqlite/mysql. A code execution vulnerability exists in the OTCMS PHPV2.83 sysCheckFiledeal.php file. An attacker can obtain a webshell by executing sql statements and writing a one-sentence trojan...

CVE-2017-1757

IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858...

Sql injection

IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858...

CVE-2017-8198

FusionSphere V100R006C00SPC102NFV has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL...

Sql injection

FusionSphere V100R006C00SPC102NFV has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL...

CVE-2017-8198

FusionSphere V100R006C00SPC102NFV has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL...

newrelic_rpm Gem Discloses Sensitive Information

Ruby agent 3.2.0 through 3.5.3.23 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information database credentials and SQL statements by sniffing the network and deserializing the data...

Sql injection

IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719...

CVE-2017-1311

IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719...

CVE-2017-1269

IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744...

CVE-2017-1269

The CVE-2017-1269 issue affects IBM Security Guardium v10.0, 10.0.1, 10.1, 10.1.2, and 10.1.3. It is a SQL injection vulnerability that could allow a remote attacker to view, add, modify, or delete data in the back-end database by sending specially crafted SQL statements. The root cause is SQL in...

ManageEngine Applications Manager MenuHandlerServlet SQL Injection (CVE-2016-9488)

An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the configid parameter when processing requests sent to MenuHandlerServlet servlet. By sending crafted request messages, a remote unauthenticated attacker can exploi...

Sql injection

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1992067...

CVE-2016-9994

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1976805...

Sql injection

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1976805...

CVE-2016-9992

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1992067...

CVE-2016-9994

IBM Kenexa LCMS Premier on Cloud 9.0 and 10.0.0 are affected by a SQL injection vulnerability (CVE-2016-9994). A remote attacker could submit specially crafted SQL statements to view, add, modify, or delete data in the back-end database. The issue has been addressed by IBM in LCMS Premier on Clou...

Sql injection

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...

Sql injection

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...