Total: 4188 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6654 | 1 Zpanelcp | 1 Zpanel | 2017-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a different vulnerability than CVE-2012-5685. | |||||
| CVE-2014-9175 | 1 Wpdatatables | 1 Wpdatatables | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-9347 | 1 Phpmyrecipes Project | 1 Phpmyrecipes | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter. | |||||
| CVE-2014-9348 | 1 Robotstats | 1 Robotstats | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php. | |||||
| CVE-2014-9440 | 1 Phpmyrecipes Project | 1 Phpmyrecipes | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2014-9445 | 1 Installatron | 1 Gatequest File Manager | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | |||||
| CVE-2014-9528 | 1 Humhub | 1 Humhub | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error. | |||||
| CVE-2014-9573 | 1 Mantisbt | 1 Mantisbt | 2017-09-08 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie. | |||||
| CVE-2015-0580 | 1 Cisco | 1 Secure Access Control System | 2017-09-08 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. | |||||
| CVE-2015-1423 | 1 Jakweb | 1 Gecko Cms | 2017-09-08 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. | |||||
| CVE-2015-1513 | 1 Siphon | 1 Siphone Enterprise Pbx | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | |||||
| CVE-2014-9173 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. | |||||
| CVE-2013-7406 | 1 Mrbs Project | 1 Mrbs | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5192 | 1 Sphider | 1 Sphider | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | |||||
| CVE-2014-100019 | 1 Pomm-project | 1 Pomm | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-10034 | 1 Couponphp | 1 Couponphp | 2017-09-08 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/. | |||||
| CVE-2014-100020 | 1 Itechscripts | 1 Itechclassifieds | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. | |||||
| CVE-2014-100022 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. | |||||
| CVE-2014-100031 | 1 Ismail Fahmi | 1 Ganesha Digital Library | 2017-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. | |||||
| CVE-2014-10004 | 1 Maianscriptworld | 1 Maian Uploader | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2014-10013 | 1 Awpcp | 1 Another Wordpress Classifieds Plugin | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. | |||||
| CVE-2014-10017 | 1 Welcart | 1 E-commerce | 2017-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. | |||||
| CVE-2014-10020 | 1 Tecorange | 1 Simple E-document | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2014-10023 | 1 Topicsviewer | 1 Topicsviewer | 2017-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/. | |||||
| CVE-2014-10029 | 1 Fluxbb | 1 Fluxbb | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter. | |||||
| CVE-2014-10032 | 1 Scriptbrasil | 1 Taboada Macronews | 2017-09-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2014-10033 | 1 Oscommerce | 1 Online Merchant | 2017-09-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action. | |||||
| CVE-2014-10038 | 1 Domphp | 1 Domphp | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. | |||||
| CVE-2014-5189 | 1 Leadoctopus | 1 Lead Octopus | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2014-5275 | 1 Prochatrooms | 1 Text Chat Rooms | 2017-09-08 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter. | |||||
| CVE-2014-5200 | 1 Fb Gorilla Project | 1 Fb Gorilla | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2014-5249 | 1 Biblio Autocomplete Project | 1 Biblio Autocomplete | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5262 | 1 Cacti | 1 Cacti | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5440 | 1 Mpexsolutions | 1 Mx-smartimer | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter. | |||||
| CVE-2014-6080 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2017-09-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-6233 | 1 Flat Manager Project | 1 Flat Manager | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-6241 | 1 Wt Directory Project | 1 Wt Directory | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-7176 | 1 Enalean | 1 Tuleap | 2017-09-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. | |||||
| CVE-2014-8351 | 1 French National Commission On Informatics And Liberty | 1 Cookieviz | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter. | |||||
| CVE-2014-8499 | 1 Manageengine | 1 Password Manager Pro | 2017-09-08 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. | |||||
| CVE-2014-8506 | 1 Etiko | 1 Etiko Cms | 2017-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php. | |||||
| CVE-2014-8586 | 1 Cp Multi View Event Calendar Project | 1 Cp Multi View Event Calendar | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | |||||
| CVE-2015-2866 | 1 Grandstream | 2 Gxv3611 Hd, Gxv3611 Hd Firmware | 2017-09-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. | |||||
| CVE-2014-5109 | 1 Fonality | 1 Trixbox | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. | |||||
| CVE-2014-4824 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4424 | 1 Apple | 1 Os X Server | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-2008 | 1 Mpay24 Project | 1 Mpay24 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | |||||
| CVE-2013-6873 | 1 Testa | 1 Online Test Management System | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter. | |||||
| CVE-2013-6936 | 1 Mybb | 1 Ajax Forum Stat | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter. | |||||
| CVE-2013-6983 | 1 Cisco | 1 Unified Presence Server | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. | |||||
