Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7092 | 1 Mcafee | 1 Email Gateway | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys. | |||||
| CVE-2013-7189 | 1 Iscripts | 1 Autohoster | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php. | |||||
| CVE-2013-7187 | 1 Ncrafts | 1 Formcraft | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2013-7192 | 1 Etoshop | 1 Dynamic Biz Website Builder Quickweb | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp. | |||||
| CVE-2013-7193 | 1 Etoshop | 1 C2c Forward Auction Creator | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp. | |||||
| CVE-2013-7216 | 1 Etoshop | 1 Classifieds Creator | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (3) Password field to demo/classifieds/admin.asp. | |||||
| CVE-2013-7278 | 1 Naxtech | 1 Cms Afroditi | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp. | |||||
| CVE-2014-0966 | 1 Ibm | 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-1204 | 1 Tableausoftware | 1 Tableau Server | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled. | |||||
| CVE-2014-1466 | 1 Csp Mysql User Manager Project | 1 Csp Mysql User Manager | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. | |||||
| CVE-2014-1597 | 1 I-doit | 1 I-doit | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI. | |||||
| CVE-2014-1618 | 1 Uaepd | 1 Shopping Cart Script | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php. | |||||
| CVE-2014-1619 | 1 Cubicfactory | 1 Cubic Cms | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario. | |||||
| CVE-2014-2238 | 1 Mantisbt | 1 Mantisbt | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter. | |||||
| CVE-2014-2318 | 1 Atcom | 1 Netvolution | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||||
| CVE-2014-2339 | 1 Sir | 1 Gnuboard | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter. | |||||
| CVE-2014-2587 | 1 Mcafee | 1 Asset Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). | |||||
| CVE-2014-2708 | 1 Cacti | 1 Cacti | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. | |||||
| CVE-2014-3055 | 1 Ibm | 2 Websphere Portal, Websphere Portal Unified Task List Portlet | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3041 | 1 Ibm | 1 Emptoris Contract Management | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3138 | 1 Xerox | 1 Docushare | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-3336 | 1 Cisco | 1 Unity Connection | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. | |||||
| CVE-2014-3326 | 1 Cisco | 1 Security Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957. | |||||
| CVE-2014-3339 | 1 Cisco | 2 Unified Communications Domain Manager, Unified Presence Server | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. | |||||
| CVE-2014-3366 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | |||||
| CVE-2014-3446 | 1 Bss | 1 Continuity Cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter. | |||||
| CVE-2014-4034 | 1 Aas9 | 1 Zerocms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
| CVE-2014-4313 | 1 Epicor | 1 Epicor Procurement | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field. | |||||
| CVE-2013-3525 | 1 Bestpractical | 1 Request Tracker | 2017-08-29 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims." | |||||
| CVE-2013-1893 | 1 Owncloud | 1 Owncloud | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application. | |||||
| CVE-2013-3524 | 1 Simpilotgroup | 1 Pop Up News | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS. | |||||
| CVE-2013-3523 | 1 Gajennings | 1 This | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-2050 | 1 Redhat | 2 Cloudforms Management Engine, Manageiq Enterprise Virtualization Manager | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action. | |||||
| CVE-2013-3478 | 1 Apptha | 1 Video Gallery Plugin | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php. | |||||
| CVE-2013-3050 | 1 Zapms | 1 Zapms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product. | |||||
| CVE-2013-5302 | 2 Kennziffer, Typo3 | 2 Ke Search, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-5028 | 1 Kwoksys | 1 Information Server | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command. | |||||
| CVE-2013-3081 | 1 Jojocms | 1 Jojo-cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/. | |||||
| CVE-2013-4887 | 1 Springsignage | 1 Xibo | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter. | |||||
| CVE-2013-4879 | 1 Bigtreecms | 1 Bigtree Cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. | |||||
| CVE-2013-6341 | 1 Dokeos | 1 Dokeos | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php. | |||||
| CVE-2013-4870 | 2 News Search Project, Typo3 | 2 News Search, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-6331 | 1 Ibm | 1 Algo One | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6302. | |||||
| CVE-2013-4748 | 2 Georg Ringer, Typo3 | 2 News, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-4721 | 2 3ds, Typo3 | 2 Push2rss 3ds, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-6311 | 1 Ibm | 1 Marketing Platform | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-6302 | 1 Ibm | 1 Algo One | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6331. | |||||
| CVE-2013-4720 | 2 Typo3, Webempoweredchurch | 2 Typo3, Wec Discussion | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-4719 | 2 Lina Wolf, Typo3 | 2 Seo Pack For Tt News, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-4683 | 2 Christophe Balisky, Typo3 | 2 Meta Feedit, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||