sql injection vulnerabilities and exploits

(subscribe to this query)

6.5

CVSSv2

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly...

Cisco Unified Communications Manager 10.5\\(2.10000.5\\)Cisco Unified Communications Manager 11.5\\(1.10000.6\\)Cisco Unified Communications Manager 12.0\\(1.10000.10\\)Cisco Unified Communications Manager 12.5\\(1.10000.22\\)6 Github repositories available

7.5

CVSSv2

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker...

Cisco Prime Collaboration Cisco Prime Collaboration Provisioning

4

CVSSv2

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input...

Cisco Unified Communications Manager 11.5\\(1.13900.52\\)

7.5

CVSSv2

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for...

Djangoproject Django Fedoraproject Fedora 30 Debian Debian Linux 9.0 Debian Debian Linux 10.05 Github repositories available

5.5

CVSSv2

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL...

Cisco Prime Infrastructure 2.0\\(4.0.45b\\)Cisco Prime Infrastructure 3.1\\(1\\)

6.5

CVSSv2

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters....

Cisco Data Center Network Manager

5.5

CVSSv2

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection...

Cisco Emergency Responder -

6.5

CVSSv2

A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL...

Cisco Unified Communications Manager 10.5\\(2.10000.5\\)Cisco Unified Communications Manager 11.0\\(1.10000.10\\)Cisco Unified Communications Manager 11.5\\(1.10000.6\\)

NA

A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly...

6

CVSSv2

SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485....

Cisco Firepower Management Center 4.10.3 Cisco Firepower Management Center 5.2.0 Cisco Firepower Management Center 5.3.0 Cisco Firepower Management Center 5.3.1 Cisco Firepower Management Center 5.4.01 Article available

« PREV 1 2 3 4 5 6 7 8 9 10 NEXT »