REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection.
A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 are vulnerable to SQL injection.
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 are vulnerable to SQL injection.
inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. UserController#deleteFavorite (aka deleteFavorite in com/inxedu/os/edu/controller/user/UserController.java), where courseFavoritesService.deleteCourseFavoritesById is mishandled during use of MyBatis.
NOTE: User has a spelling variation in an annotation: a @RequestMapping("/deleteFaveorite/") line followed by a "public ModelAndView deleteFavorite" line.
At the time of publication, this vulnerability affected Cisco ISE running software releases 2.6.0 and prior.
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries.