FusionPBX SQL Injection Vulnerability

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. An SQL injection vulnerability exists in FusionPBX. An attacker can exploit this...

SQL Injection Vulnerability in zhicms Background ad***.php Page

ZhiCms is an enterprise building system based on PHP and mysql technology. A SQL injection vulnerability exists in the ad.php page in the background of zhicms, which can be exploited by attackers to obtain sensitive information such as database...

GHSA-58V4-QWX5-7F59 SQL Injection in knex

knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB...

YouPHPTube 'id' Parameter SQL Injection Vulnerability

YouPHPTube is a PHP-based video website system. A SQL injection vulnerability exists in the 'id' parameter of the /plugin/ADServer/view/campaignsVideos.json file in YouPHPTube version 7.6. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...

Bypass Vulnerability in Website Security Dog's SQL Injection Blocking Feature (CNVD-2019-41613)

Security Dog is a comprehensive server security protection tool that integrates server security protection and security management. A bypass vulnerability exists in the SQL injection blocking feature of Website Security Dog. An attacker can bypass the SQL injection blocking feature of Website...

YouPHPTube subscribe.json.php file SQL Injection Vulnerability

YouPHPTube is a PHP-based video website system. A SQL injection vulnerability exists in the /objects/subscribe.json.php file in YouPHPTube version 7.6. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit th...

WordPress wti-like-post plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wti-like-post is a plugin used to add likes to web pages. A SQL injection vulnerability exists in the WordPress wti-like-post plugin. ...

WordPress pretty-link plugin SQL injection vulnerability

WordPress is the WordPress Foundation's set of blogs using PHP language development guest platform. The platform supports setting up personal blog sites on PHP and MySQL servers. pretty-link is a plugin for adding hyperlinks to web pages. WordPress pretty-link plugin version 1.6.8 before the...

WordPress awesome-filterable-portfolio plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. awesome-filterable-portfolio is a plugin that supports the creation, management and publishing of personal portfolios. A SQL injection...

Tooonyy dormsystem SQL Injection Vulnerability

Tooonyy dormsystem is a dormitory information management system. A SQL injection vulnerability exists in the admin.php file in versions 1.3 and earlier of Tooonyy dormsystem, which stems from a lack of validation of externally-entered SQL statements in database-based applications and can be...

SQL injection vulnerability in c**l.asp page of Chengdu Firefox Technology Co.

Chengdu Firefox Technology Co., Ltd. is a set of research, promotion, development of new technology areas of the network, mainly dedicated to the enterprise information technology services of the professional network companies, is based on the Internet to provide a comprehensive e-commerce...

SQL Injection Vulnerability in Air Quality System Publishing System

Zhuhai Goling Information Technology Co., Ltd. is a high-tech enterprise engaged in research and development of core technology of information network, production of professional equipment and network application service. An SQL injection vulnerability exists in the Air Quality System Publishing...

SQL injection vulnerability in seacms backend ad***_co***.php page (CNVD-2019-41065)

seacms ocean movie management system, ocean cms is a video-on-demand system based on PHP + MySql technology. There is a SQL injection vulnerability in the adco.php page in the background of seacms. Attackers can use the vulnerability to obtain sensitive information in the database...

SQL injection vulnerability in c**e.asp of Chengdu Firefox Technology Co.

Chengdu Firefox Technology Co., Ltd. is a set of research, promotion, development of new technology areas of the network, mainly dedicated to the enterprise information technology services of the professional network companies, is based on the Internet to provide a comprehensive e-commerce...

Cisco Firepower Management Center SQL Injection Vulnerability (CNVD-2019-34733)

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A SQL injection vulnerability exists in the web-based management interface in Cisco FMC, which stems from the program's failure to properly validate input. A remote attacker could exploit...

CVE-2019-17415

A Structured Exception Handler SEH based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331...

Stack overflow

A Structured Exception Handler SEH based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331...

CVE-2019-17415

A Structured Exception Handler SEH based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331...

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...