8004 matches found

CNVD
added 2015/05/26 12:0 a.m. | 2 views

Cacti graph.php SQL Injection Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools. The Cacti graph.php script fails to properly filter the localgraphid parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

CVSS 6.5 | AI score 7.5 | EPSS 0.01084
Exploits: 0 | References: 1

CNVD
added 2015/05/26 12:0 a.m. | 3 views

IBM Security SiteProtector System SQL Injection Vulnerability

The IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents and devices. A SQL injection vulnerability exists in IBM Security SiteProtector System, which allows remote attackers to exploit the...

CVSS 6.5 | AI score 7.9 | EPSS 0.00991
Exploits: 0 | References: 1

CNVD
added 2015/05/20 12:0 a.m. | 3 views

WordPress Tune Library Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. Tune Library is a plugin used to import XML iTunes music library files into the WordPress database. A SQL injection vulnerability exists in the...

CVSS 8.1 | AI score 8 | EPSS 0.04868
Exploits: 6 | References: 1

CNVD
added 2015/05/11 12:0 a.m. | 1 views

Free MP3 CD Ripper Buffer Overflow Vulnerability

Free MP3 CD Ripper is free software for converting MP3 files to CD. The current version, Free MP3 CD Ripper V2.8, does not strictly check the user-supplied input file during .wav to .mp3 conversion; constructing a special .wav file and inducing the user to convert it can trigger a...

AI score 7.9
Exploits: 0

CNVD
added 2015/05/07 12:0 a.m. | 2 views

Cisco Unified Communications Manager SQL Injection Vulnerability

Cisco Unified Communications Manager is the call processing component of the IP Telephony solution from Cisco. A SQL injection vulnerability exists in Cisco Unified Communications Manager due to the program failing to properly filter user-supplied input. This allows an authenticated, remote...

CVSS 6.5 | AI score 8.1 | EPSS 0.01361
Exploits: 0 | References: 1

CNVD
added 2015/04/30 12:0 a.m. | 2 views

Novell ZENworks 'GetReRequestData' Method SQL Injection Vulnerability

Novell ZENworks is a suite of software that supports automated IT management and business process management across resources within an organization. A SQL injection vulnerability in the 'GetReRequestData' method of the GetStoredResult class in Novell ZENworks allows remote attackers to submit...

CVSS 9.8 | AI score 8 | EPSS 0.08217
Exploits: 0 | References: 1

BDU FSTEC
added 2015/04/28 12:0 a.m. | 3 views

The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the libgsf-32bit package of the SUSE Linux Enterprise operating system can lead to violations of confidentiality, integrity, and availability of protected information. This vulnerability can be exploited remotely...

CVSS 7.5 | AI score 5.4 | EPSS 0.04036
Exploits: 0 | References: 3

BDU FSTEC
added 2015/04/28 12:0 a.m. | 7 views

The vulnerability of the Cisco ACS firmware allows a remote attacker to execute arbitrary code.

The vulnerability of the ACS View interface allows a remote authenticated user with administrator privileges to execute arbitrary SQL commands using specially crafted HTTPS requests...

CVSS 9 | AI score 6.1 | EPSS 0.00916
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2015/04/28 12:0 a.m. | 3 views

The vulnerability of the firmware of the Cisco ASA security device allows a remote attacker to cause a denial of service.

The vulnerability of the firmware of the Cisco ASA security device in the XML processing module when using Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN allows a malicious actor to trigger a service failure, a malfunction in the VPN operation, or a system restart ...

CVSS 7.8 | AI score 5.5 | EPSS 0.0191
Exploits: 0 | References: 2

CNVD
added 2015/04/14 12:0 a.m. | 3 views

WordPress Plugin All In One WP Security & Firewall admin/wp-security-list-acct-activity.php SQL Injection Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL. All In One WP Security & Firewall is a security plugin for WordPress. The All In One WP Security &...

AI score 7.9
Exploits: 0 | References: 1

CNVD
added 2015/04/03 12:0 a.m. | 2 views

Cisco CUCDM SQL Injection Vulnerability

Cisco Unified Communications Manager is an enterprise-class IP telephony call processing system. A SQL injection vulnerability exists in the graphical administration feature of Cisco Unified Communications Domain Manager Application Software due to a failure to effectively validate user-supplied...

CVSS 6.5 | AI score 7.4 | EPSS 0.01361
Exploits: 0 | References: 1

CNVD
added 2015/04/02 12:0 a.m. | 1 views

Hospira MedNet Hardcoded Password Vulnerability (CNVD-2015-02160)

MedNet manages drug libraries, firmware updates, and configurations for Hospira IV pumps for use in the healthcare and public health sectors. MedNet uses plain text stored passwords for the SQL database, which allows an attacker to compromise the MedNet SQL server and gain administrator access to...

CVSS 9 | AI score 7.5 | EPSS 0.02373
Exploits: 0 | References: 1

CNVD
added 2015/04/01 12:0 a.m. | 2 views

Multiple SQL Injection Vulnerabilities in Fiyo CMS

Fiyo CMS is a small business phone service and mobile collaboration tool. Fiyo CMS has multiple SQL injection vulnerabilities. The vulnerabilities can be exploited by an attacker to gain access to sensitive database information...

CVSS 7.5 | AI score 8.5 | EPSS 0.02085
Exploits: 5 | References: 1

Fedora
added 2015/03/26 10:7 p.m. | 67 views

[SECURITY] Fedora 22 Update: dokuwiki-0-0.24.20140929c.fc22

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating documentation of any kind. It has a simple but powerful syntax which makes sure the datafiles remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...

CVSS 6.5 | AI score 2.4 | EPSS 0.06463
Exploits: 0

Fedora
added 2015/03/26 9:44 p.m. | 56 views

[SECURITY] Fedora 21 Update: dokuwiki-0-0.24.20140929c.fc21

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating documentation of any kind. It has a simple but powerful syntax which makes sure the datafiles remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...

CVSS 6.5 | AI score 2.4 | EPSS 0.06463
Exploits: 0

GoogleProjectZero
added 2015/03/19 12:0 a.m. | 35 views

Taming the wild copy: Parallel Thread Corruption

Posted by Chris Evans, Winner of the occasional race. Back in 2002, a very interesting vulnerability was found and fixed in the Apache web server. Relating to a bug in chunked encoding handling, the vulnerability caused a memcpy call with a negative length with the destination on the stack. Of...

CVSS 10 | AI score 9.9 | EPSS 0.75781
Exploits: 4

CNVD
added 2015/03/19 12:0 a.m. | 1 views

Comsenz SupeSite CMS SQL Injection Vulnerability

Comsenz SupeSite 7.0 CMS is a content management system developed by Comsenz. Comsenz SupeSite 7.0 CMS "batch.common.php" fails to properly filter user-submitted inputs for the "name" parameter, allowing remote attackers to submit specially crafted SQL queries to manipulate or obtain database dat...

AI score 7.5
Exploits: 0 | References: 1

CNVD
added 2015/03/17 12:0 a.m. | 2 views

WordPress SEO by Yoast SQL Injection Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL. WordPress SEO by Yoast is an SEO plugin for WordPress. WordPress SEO by Yoast fails to properly filter user-submitt...

CVSS 6.5 | AI score 7.4 | EPSS 0.05826
Exploits: 2 | References: 1

CNVD
added 2015/03/10 12:0 a.m. | 1 views

SQL Injection Vulnerability in Ticketmaster ERP Management System of Shanghai Shengdai Information Technology Co., Ltd.

Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...

AI score 8.1
Exploits: 0 | References: 1

CNVD
added 2015/02/10 12:0 a.m. | 2 views

SIPhone Enterprise PBX SQL Injection Vulnerability

SIPhone Enterprise PBX is an enterprise switch product. A SQL injection vulnerability exists in SIPhone Enterprise PBX. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via a username...

CVSS 7.5 | AI score 8.7 | EPSS 0.01879
Exploits: 0 | References: 1