8004 matches found

BDU FSTEC
added 2017/04/20 12:0 a.m., 5 views

The vulnerability of the Cisco Unified Communications Manager system allows a perpetrator to circumvent access control rules.

The vulnerability of the Cisco Unified Communications Manager web interface relates to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass access controls by making arbitrary queries to the SQL database...

CVSS 4, AI score 5.8, EPSS 0.01884
Exploits 0, References 3, Affected Software 1

CNVD
added 2017/04/13 12:0 a.m., 2 views

Castle Rock Computing SNMPc SQL Injection Vulnerability

Castle Rock Computing SNMPc Network Manager is distributed network management system software that monitors all activity on a network. A SQL injection vulnerability exists in versions of Castle Rock Computing SNMPc prior to 2015-12-17. A remote attacker can exploit the vulnerability to extract da...

CVSS 8.8, AI score 8, EPSS 0.01106
Exploits 0, References 1

CNVD
added 2017/04/08 12:0 a.m., 2 views

Cell Phone Remote Lighting Monitoring System SQL Injection Vulnerability in txtUsername Parameter

Mobile Remote Lighting Monitoring System is a lighting monitoring system from China Electronic Technology Group Corporation. A SQL injection vulnerability exists in the Mobile Remote Lighting Monitoring System. The lack of filtering of the 'txtUsername' parameter allows an attacker to exploit the...

AI score 7.9
Exploits 0

CNVD
added 2017/04/06 12:0 a.m., 1 views

Sweepstakes Pro Software SQL Injection Vulnerability

Sweepstakes Pro Software is a suite of sweepstakes software to increase email lists, increase social networking, and drive sales by running sweepstakes software in conjunction with sweepstakes. A SQL injection vulnerability exists in the s parameter in both win.php and widgetlb.php in Sweepstakes...

AI score 7.6
Exploits 0, References 1

CNVD
added 2017/03/27 12:0 a.m., 1 views

GLink Word Link Script SQL Injection Vulnerability

GPix is a free and powerful text link script based on link ads that runs on PHP/MySQL web servers. A SQL injection vulnerability exists in GLink Word Link Script, which is caused by a failure to effectively filter user-submitted data. An attacker can exploit the vulnerability to obtain sensitive...

AI score 7.9
Exploits 0, References 1

CNVD
added 2017/03/23 12:0 a.m., 2 views

WordPress Spider Event Calendar Plugin SQL Injection Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Spider Event Calendar plugin version 1.5.51, which can be exploited by...

AI score 7.8
Exploits 0, References 1

CNVD
added 2017/03/22 12:0 a.m., 1 views

phplist SQL injection vulnerability (CNVD-2017-04334)

phplist is an application written in PHP for news management. A SQL injection vulnerability exists in phplist, which can be exploited by attackers to access or modify database data...

AI score 8.1
Exploits 0, References 1

CNVD
added 2017/03/22 12:0 a.m., 2 views

Joomla! OpenCart Component SQL Injection Vulnerability

Joomla! is a content management system which is quite famous in foreign countries. OpenCart is a system component for product management in Joomla!. A SQL injection vulnerability exists in the productid parameter of the Joomla! OpenCart index.php page, which can be exploited by attackers to access ...

AI score 8
Exploits 0, References 1

CNVD
added 2017/03/10 12:0 a.m., 5 views

WordPress Mail Masta plugin SQL injection vulnerability (CNVD-2017-02634)

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites set up on PHP and MySQL servers. Mail Masta, aka mail-masta, is one of its email plug-ins. WordPress Mail Masta plugin version 1.0 in...

CVSS 7.2, AI score 8.2, EPSS 0.01701
Exploits 2, References 1

Fedora
added 2017/03/08 1:33 p.m., 6 views

[SECURITY] Fedora 24 Update: drupal7-metatag-1.21-1.fc24

The Metatag module allows you to automatically provide structured metadata, aka "meta tags", about your website. In the context of search engine optimization, when people refer to meta tags they are usually referring to the meta description tag and the meta keywords tag that may help improve the...

AI score 0.3
Exploits 0

OSV
added 2017/03/07 5:59 p.m., 3 views

CVE-2016-8940

IBM Tivoli Storage Manager IBM Spectrum Protect 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these...

CVSS 8.8, AI score 5.9, EPSS 0.00943
Exploits 0, References 1

OSV
added 2017/03/01 9:59 p.m., 3 views

CVE-2016-9992

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1992067...

CVSS 7.1, AI score 5.9, EPSS 0.00853
Exploits 0, References 1

CNVD
added 2017/02/27 12:0 a.m., 1 views

Joomla com_sgpprojects Component SQL Injection Vulnerability

Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla com_sgpprojects component. An attacker can exploit the vulnerability to access or modify database data...

AI score 8
Exploits 0, References 1

CNVD
added 2017/02/27 12:0 a.m., 2 views

Joomla com_wisroyq component 'Pid' parameter SQL injection vulnerability

Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the 'Pid' parameter of the Joomla com_wisroyq component. An attacker can exploit the vulnerability to access or modify database data...

AI score 8
Exploits 0, References 1

OSV
added 2017/02/24 6:59 p.m., 2 views

CVE-2016-8998

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference : 1998747...

CVSS 7.2, AI score 6.4, EPSS 0.01697
Exploits 0, References 2

Talos
added 2017/02/24 12:0 a.m., 54 views

Ichitaro Office JTD Figure handling Code Execution Vulnerability

Summary: A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro’s proprietary file format is a Compound Document similar to .doc for Microsoft Word called .jtd. Wh...

CVSS 9.8, AI score 0.1, EPSS 0.0234
Exploits 1

CNVD
added 2017/02/21 12:0 a.m., 1 views

Joomla djcatalog2 Component SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla djcatalog2 component. An attacker can exploit the vulnerability to access or modify database data...

AI score 8
Exploits 0, References 1

CNVD
added 2017/02/19 12:0 a.m., 1 views

SQL Injection Vulnerability in Ocean CMS tid Parameter

Ocean CMS is an open source website builder. An SQL injection vulnerability exists in the admintopicvod.php page of Ocean CMS 6.46 utf-8 official. The lack of filtering of the 'tid' parameter allows an attacker to exploit the vulnerability to obtain sensitive information about the database...

AI score 7.7
Exploits 0

CNVD
added 2017/02/17 12:0 a.m., 1 views

SQL command execution vulnerability in the sysId parameter of Wyspeed V2 video conferencing system

Vizz V2 Video Conferencing System is a video conferencing system. A SQL command execution vulnerability exists in the sysId parameter of the Vizz V2 video conferencing system. It allows an attacker to remotely write a shell and gain server privileges...

AI score 7.9
Exploits 0, References 1

CNVD
added 2017/02/16 12:0 a.m., 1 views

Joomla Hbooking Component SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla Hbooking component. An attacker can exploit the vulnerability to access or modify database data...

AI score 8
Exploits 0, References 1