306 matches found
ManageEngine Applications Manager CommonAPIUtil moveSubGroup haid/tohaid SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the moveSubGroup method of the CommonAPIUtil class. The issue lies i...
ManageEngine OpManager UpdateProbeUpgradeStatus probeName SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateProbeUpgradeStatus servlet. The issue lies in the failure to sanitize...
ManageEngine Applications Manager CommonAPIUtil getAdminMG resId SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getAdminMG method of the CommonAPIUtil class. The issue lies in...
ManageEngine Applications Manager DBUtil port SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBUtil class. The issue lies in the failure to sanitize...
Novell Zenworks GetStoredResult.class SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetReRequestData method of the GetStoredResult class. The issue lies in the failur...
Novell Zenworks schedule.ScheduleQuery SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScheduleQuery method of the schedule class. The issue lies in the failure to...
CVE-2013-6241
The Birthday widget in the backend in Open-Xchange OX AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday,...
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.13.1-1.fc21
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Wordpress bulletproof-security <=.51 multiple vulnerabilities
Vulnerability title: Wordpress bulletproof-security =.51 multiple vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749 Vendor: AITpro Product: bulletproof-security Affected version: bulletproof-security = .51 Vulnerabilities fixed in version: .51.1 Details: xss...
mantisbt: sql injection
Edwin Gozeling and Wim Visser discovered that when the projectid parameter of the SOAP-request starts with the integer of a project to which the user or anonymous is authorized, the ENTIRE value will become the first item of $tprojects. As this value is concatenated in the SQL statement,...
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.8.1-2.fc21
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
KLA10615 Multiple vulnerabilities in Microsoft SQL Server
Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to cause denial of service or inject arbitrary code. Below is a complete list of vulnerabilities 1. Lack of stack memory restrictions can be exploited remotely via a special...
Symphony CMS 2.1.2 - Blind SQL Injection
No description provided by source. 20110424 - Justanotherhacker.com : Symphony-cms blind sql injection JAHx111 - http://www.justanotherhacker.com/advisories/JAHx111.txt...
How2ASP.net Webboard <= 4.1 - Remote SQL Injection Vulnerability
No description provided by source. How2ASP.net Webboard 4.1 Remote SQL Injection Vulnerability CWH Undergrou...
yungoucms system latest SQL injection-vulnerability warning-the black bar safety net
Official website : http://www.yungoucms.com/ demo site: http://www.yungoucms.cn/ Product search you can build a SQL statement that is! http://www.yungoucms.cn/?/stag/ publicfunction tag $search =$this-segment4; if!$ searchmessage"enter search keyword"; $search = urldecode$search; $search =...
Lying on the ground look at the code-ecshop background injection-vulnerability warning-the black bar safety net
Brief description: Background injection of no value - however this point can be any structure statements, including drop database;and select into outfile, by the way also comes with the explosive path brought getshell good Detailed description: admin\include\libmain.php row 7 1 8 function...
Alpaca the CMS injection and getwebshell code audit study-vulnerability warning-the black bar safety net
Recently in the study of code audit,will go to chinaz looking for a personal gas of a relatively high cms,this fit I just start dropping people Ue batch checked the source code of the entire system are in the injection the injection Well,single quotes Ah,also need to bypass,open the gpc will...
apache24 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault. mod_session_dbd: Make sure that dirty flag is respected when...
Buffer overflow
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement...
IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities
The host is running IBM DB2 and is prone to denial of service and security bypass vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmdb2xmldosncreatevarsecbypassvuln.nasl 5999 2017-04-21 09:02:32Z teissa $ IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities Authors:...