Trace Financial CRESTBridge up to 6.3.0.01 sql injection [CVE-2020-24667]
A vulnerability has been found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software) and classified as critical. This vulnerability
A vulnerability was found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software) and classified as critical. This issue affects
A vulnerability classified as critical has been found in Video Embed Plugin up to 1.0 on WordPress (WordPress Plugin). This
A vulnerability, which was classified as critical, was found in FlightLog Plugin up to 3.0.2 on WordPress (WordPress Plugin). Affected
A vulnerability was found in ArcGIS Server up to 10.8.1. It has been rated as critical. This issue affects an
Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Fixed Releases
Customers are advised to upgrade to an appropriate fixed software release as indicated in the following table:

Cisco Unified Communications Manager IM & Presence Service Release    First Fixed Release
Earlier than 10.5                                                     None.
10.5                                                                  None.
11.0                                                                  Migrate to 11.5(1)SU9.
11.5                                                                  11.5(1)SU9
12.0                                                                  Migrate to 12.5(1)SU4.
12.5                                                                  12.5(1)SU4
Overview : Online Bus Ticket Reservation 1.0 – SQL Injection Affected Product(s) : Version: 1.0 Vulnerability Details : CVE ID
Overview : Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can
Overview : An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02,
Overview : In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of
Overview : LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This
Overview : SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID
Overview : Multiple SQL injection vulnerabilities in D-Link DSR Routers Affected Product(s) : D-Link DSR-150 (Firmware < v1.08B44) D-Link DSR-150N
Overview : Octeth Oempro 4.7 is affected by a SQL injection. The parameter “CampaignID” in “Campaign.Get” is vulnerable to SQL Injection attacks.
Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a remote SQL
Overview : Pimcore data leakage Flaws through SQL Injection Affected Product(s) : pimcore/pimcore before 6.3.0 Vulnerability Details : CVE ID :
Overview : SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. Affected Product(s) :
Overview : Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. Affected Product(s)
Overview : Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the
Overview : An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to
Overview : vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. Affected Product(s) : vBulletin 5.5.4 Vulnerability
Overview : NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a
Overview : App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. Affected Product(s) : TuziCMS 2.0.6 Vulnerability Details
Overview : A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm’online CRM-System SDK 7.13 permits attackers to execute