
306 matches found

UbuntuCve
added 2017/05/22 12:00 a.m., 24 views

CVE-2017-2519

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial o...

CVSS 9.8 | AI score 7.6 | EPSS 0.09633
Exploits: 0 | References: 7

seebug.org
added 2017/03/06 12:00 a.m., 63 views

WordPress Plugin Mail Masta 1.0 - SQL Injection

Vulnerability information. Vulnerability title: WordPress Plugin Mail Masta 1.0 - SQL Injection; Plugin home page: https://wpcore.com/plugin/mail-masta ; Vulnerability type: SQL injection; CVE: CVE-2017-6095, CVE-2017-6096, CVE-2017-6097, CVE-2017-6098. Vulnerability analysis: The first injection...

CVSS 7.5 | AI score 8.1 | EPSS 0.06929
Exploits: 10

seebug.org
added 2017/02/27 12:00 a.m., 38 views

Takas Classified 1.1 - SQL injection vulnerability

In controllers/Classifiedads.php, the subcatid, catid, locid, areaid, type, and post parameters are passed into the SQL statement, causing SQL injection. SQL injection points: http://localhost/PATH/index.php/classifiedads/ads/?&subcatid=SQL http://localhost/PATH/index...

AI score 8.1
Exploits: 0

seebug.org
added 2017/02/13 12:00 a.m., 45 views

xercms \XerCMS\Services\admin\member.php the background file contains any SQL statement execution vulnerability

In the D:\phpStudy\WWW\xercms\XerCMS\Services\admin\forms. in php updateTemplate()function function updateTemplate $sname = g'sname';$data = stripslashesp'content'; fileputcontentsINC.' Data/forms/template/'.$ sname.'. htm',$data; $this-tips'finish',dreferer; You can see fileputcontentsINC.'...

AI score 7.7
Exploits: 0

Cvelist
added 2017/02/02 6:54 a.m., 10 views

CVE-2017-5218

A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...

AI score 8.9 | EPSS 0.00284
Exploits: 0 | References: 2

Zero Day Initiative
added 2016/08/09 12:00 a.m., 33 views

Trend Micro Control Manager cgiCMUIDispatcher SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within cgiCMUIDispatcher.exe. The issue lies in the failure to sanitize user-supplied...

CVSS 6.5 | AI score 8
Exploits: 0 | References: 1

Zero Day Initiative
added 2016/08/09 12:00 a.m., 19 views

Trend Micro Control Manager AdHocQuery_CustomProfiles SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within AdHocQuery_CustomProfiles.aspx. The issue lies in the failure to sanitize...

CVSS 6.5 | AI score 3
Exploits: 0 | References: 1

Fedora
added 2016/07/03 10:52 a.m., 23 views

[SECURITY] Fedora 22 Update: phpMyAdmin-4.6.3-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

CVSS 9.8 | AI score 1.3 | EPSS 0.87019
Exploits: 8

Zero Day Initiative
added 2016/06/22 12:00 a.m., 30 views

SolarWinds Storage Resource Monitor Profiler Server RulesMetaData addNewRule SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RulesMetaData's addNewRule method which is reachable through t...

CVSS 10 | AI score 7.9
Exploits: 0 | References: 1

Fedora
added 2016/06/05 2:52 a.m., 22 views

[SECURITY] Fedora 22 Update: phpMyAdmin-4.6.2-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

CVSS 6.1 | AI score 1.3 | EPSS 0.00551
Exploits: 0

Prion
added 2015/07/20 1:59 a.m., 18 views

Design/Logic Flaw

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement...

CVSS 6.8 | AI score 7.2 | EPSS 0.01543
Exploits: 0 | References: 7 | Affected Software: 1

UbuntuCve
added 2015/07/20 1:59 a.m., 38 views

CVE-2015-0157

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement...

CVSS 6.8 | AI score 7.2 | EPSS 0.01543
Exploits: 0 | References: 6

CVE
added 2015/07/20 1:00 a.m., 59 views

CVE-2015-0157

CVE-2015-0157 affects IBM DB2 LUW and InfoSphere BigInsights; a remote authenticated DB2 user can crash the server by sending a crafted SQL using scalar functions (ROUND/TRUNCATE). CVSS base 6.8. Affected: DB2 LUW 9.7/9.8/10.1/10.5 lines; BigInsights’ Big SQL includes DB2 components. Remediation:...

CVSS 6.8 | AI score 6.7 | EPSS 0.01543
Exploits: 0 | References: 7 | Affected Software: 1

Tenable Nessus
added 2015/07/14 12:00 a.m., 34 views

Cisco Unified MeetingPlace Unspecified SQLi (CSCuu54037)

According to its self-reported version number, the Cisco Unified MeetingPlace application hosted on the remote web server is potentially affected by a SQL injection vulnerability due to a failure to properly sanitize user-supplied input. An authenticated, remote attacker can exploit this to...

CVSS 6.5 | AI score 6.1 | EPSS 0.00495
Exploits: 0 | References: 3

securityvulns
added 2015/06/01 12:00 a.m., 45 views

[Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement

Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information Disclosure via SQL IMPORT FROM statement. 1. Impact on Business: Under certain conditions some SAP HANA Database commands could be abused by a remote authenticated...

CVSS 4 | AI score 0.4 | EPSS 0.00251
Exploits: 0

Prion
added 2015/05/29 3:59 p.m., 16 views

Code injection

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565...

CVSS 4 | AI score 7.4 | EPSS 0.00251
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2015/05/29 3:00 p.m., 47 views

CVE-2015-3995

CVE-2015-3995 concerns SAP HANA DB 1.00.73.00.389160 (NewDB100_REL). A remote, authenticated user can read arbitrary files via an IMPORT FROM SQL statement due to an improper access control weakness. Onapsis’ advisory (linked to CVE-2015-3995) documents the vulnerability class as Improper Access ...

CVSS 4 | AI score 7 | EPSS 0.00251
Exploits: 0 | References: 5 | Affected Software: 1

Zero Day Initiative
added 2015/05/19 12:00 a.m., 18 views

ManageEngine Applications Manager CommonAPIUtil SyncMonitors haid SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SyncMonitors method of the CommonAPIUtil class. The issue lies i...

CVSS 10 | AI score 7.9
Exploits: 0

Zero Day Initiative
added 2015/05/15 12:00 a.m., 20 views

ManageEngine Applications Manager DowntimeSchedulerServlet TASKID SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DowntimeSchedulerServlet servlet. The issue lies in the failure ...

CVSS 10 | AI score 7.9
Exploits: 0

Zero Day Initiative
added 2015/05/14 12:00 a.m., 21 views

ManageEngine OpManager APMAlertOperationsServlet source SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the APMAlertOperationsServlet servlet. The issue lies in the failure to sanitiz...

CVSS 10 | AI score 7.9
Exploits: 0