Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4990 | 1 Openx | 1 Openx | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. | |||||
| CVE-2012-4951 | 1 Verifone | 1 Vericentre Web Console | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter. | |||||
| CVE-2012-4949 | 1 Esri | 1 Arcgis | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | |||||
| CVE-2012-4927 | 1 Limesurvey | 1 Limesurvey | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. | |||||
| CVE-2012-4925 | 1 Imgpals | 1 Img Pals Photo Host | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-4772 | 1 Intelliants | 1 Subrion Cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. | |||||
| CVE-2012-4743 | 2 Eos.pe, Zeroboard | 2 Siche Search Module, Zeroboard | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters. | |||||
| CVE-2013-0135 | 1 Chatelao | 1 Php Address Book | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php. | |||||
| CVE-2012-4282 | 1 Toocharger | 1 Trombinoscope | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-4281 | 1 Itechscripts | 1 Travelon Express | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php. | |||||
| CVE-2012-4261 | 1 Hccgmbh | 1 Mycare2x | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter. | |||||
| CVE-2012-4240 | 1 Group-office | 1 Groupoffice | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2012-4232 | 1 Jcore | 1 Jcore | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. | |||||
| CVE-2012-4178 | 1 Symantec | 1 Web Gateway | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter. | |||||
| CVE-2012-4260 | 1 Hccgmbh | 1 Mycare2x | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keyword parameter in a Suchen action to modules/drg/mycare2x_proc_search.php; or (7) name_last or (8) pid parameter to modules/patient/mycare_pid.php. | |||||
| CVE-2012-4061 | 1 Asp-dev | 1 Xm Diary | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp. | |||||
| CVE-2012-4060 | 1 Asp-dev | 1 Xm Forums | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp. | |||||
| CVE-2012-6626 | 1 Brian Cabunac | 1 Browser To Email Phone Message System | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
| CVE-2012-4056 | 1 Uiga | 1 Personal Portal | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2012-6643 | 1 Clip-bucket | 1 Clipbucket | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-6577 | 2 Typo3, Typoheads | 2 Typo3, Formhandler | 2017-08-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-4055 | 1 Uiga | 1 Fan Club | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2012-4034 | 1 Pbboard | 1 Pbboard | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php. | |||||
| CVE-2012-6529 | 1 Marinet | 1 Marinet Cms | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php. | |||||
| CVE-2012-6526 | 1 Vastal | 1 Freelance Zone | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter. | |||||
| CVE-2012-6525 | 1 Phpbridges Dev Team | 1 Phpbridges | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-6524 | 1 Powie | 1 Pgb | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-6520 | 1 Wikidforum | 1 Wikidforum | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties. | |||||
| CVE-2012-3953 | 1 Phplist | 1 Phplist | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | |||||
| CVE-2012-6519 | 1 Diy-cms | 1 Diy-cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php. | |||||
| CVE-2012-3839 | 1 Myclientbase | 1 Myclientbase | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search. | |||||
| CVE-2012-6516 | 1 Shawn Bradley | 1 Php Ticket System | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php. | |||||
| CVE-2012-6507 | 1 Jason Sexauer | 1 Churchcms | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action. | |||||
| CVE-2012-3820 | 1 Arialsoftware | 1 Campaign Enterprise | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp. | |||||
| CVE-2012-6290 | 1 Imagecms | 1 Imagecms | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | |||||
| CVE-2012-3834 | 1 Alienvault | 1 Open Source Security Information Management | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter. | |||||
| CVE-2012-3791 | 1 Cms-center | 1 Simple Web Content Management System | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php. | |||||
| CVE-2012-5912 | 1 Pico | 1 Picopublisher | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. | |||||
| CVE-2012-5910 | 1 B2evolution | 1 B2evolution | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | |||||
| CVE-2012-5909 | 1 Mybb | 1 Mybb | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. | |||||
| CVE-2012-5894 | 1 Havalite | 1 Cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. | |||||
| CVE-2012-5865 | 1 Achievo | 1 Achievo | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. | |||||
| CVE-2012-5861 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php. | |||||
| CVE-2012-5766 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560. | |||||
| CVE-2012-5760 | 1 Ibm | 1 Netezza | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-5701 | 1 Dotproject | 1 Dotproject | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2012-5648 | 1 Theforeman | 1 Foreman | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism. | |||||
| CVE-2012-5367 | 1 Orangehrm | 1 Orangehrm | 2017-08-29 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks. | |||||
| CVE-2012-5350 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2017-08-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. | |||||
| CVE-2012-5348 | 1 Wilson Steven | 1 Mangosweb Enhanced | 2017-08-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php. | |||||