Total: 4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1405 | 1 Content Rating Extbase Project | 1 Content Rating Extbase | 2015-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-1369 | 1 Sequelize Project | 1 Sequelize | 2015-01-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2015-1364 | 1 Freereprintables | 1 Articlefr | 2015-01-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/. | |||||
| CVE-2015-1372 | 1 Ferretcms Project | 1 Ferretcms | 2015-01-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. | |||||
| CVE-2014-2081 | 1 Iii | 1 Vtls-virtua | 2015-01-26 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | |||||
| CVE-2014-7814 | 1 Redhat | 1 Cloudforms 3.1 Management Engine | 2015-01-20 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. | |||||
| CVE-2014-9560 | 1 Softbb | 1 Softbb | 2015-01-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||||
| CVE-2014-100035 | 1 Licensepal | 1 Arcticdesk | 2015-01-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-100012 | 1 Sendy | 1 Sendy | 2015-01-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||||
| CVE-2014-10015 | 1 Phpjabbers | 1 Event Booking Calendar | 2015-01-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2014-4644 | 1 Cacti | 1 Superlinks | 2015-01-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2015-0919 | 1 Sefrengo | 1 Sefrengo | 2015-01-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. | |||||
| CVE-2014-9455 | 1 Cts Projects&software | 1 Classad | 2015-01-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2014-9450 | 1 Zabbix | 1 Zabbix | 2015-01-06 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. | |||||
| CVE-2014-9457 | 1 Pmb Services | 1 Pmb | 2015-01-05 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. | |||||
| CVE-2014-9442 | 1 Reality66 | 1 Cart66 Lite | 2015-01-05 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-9435 | 1 Absolutengine | 1 Absolut Engine | 2015-01-05 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php. | |||||
| CVE-2014-9464 | 1 Microweber | 1 Microweber | 2015-01-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. | |||||
| CVE-2010-5317 | 1 Basic-cms | 1 Sweetrice | 2015-01-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action. | |||||
| CVE-2014-9254 | 1 Minibb | 1 Minibb | 2015-01-03 | 7.5 HIGH | N/A |
| bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php. | |||||
| CVE-2011-5286 | 1 Social Slider Project | 1 Social Slider | 2015-01-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. | |||||
| CVE-2011-5313 | 1 Redaxscript | 1 Redaxscript | 2015-01-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. | |||||
| CVE-2014-9115 | 1 Piwigo | 1 Piwigo | 2014-12-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit. | |||||
| CVE-2014-8306 | 1 C97 | 1 Cart Engine | 2014-12-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter. | |||||
| CVE-2012-5694 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2014-12-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/. | |||||
| CVE-2014-9345 | 1 Guruperl | 1 Advertise With Pleasure! | 2014-12-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi. | |||||
| CVE-2014-9305 | 1 Reality66 | 1 Cart66 Lite | 2014-12-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-9102 | 1 Kunena | 1 Kunena | 2014-12-05 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php. | |||||
| CVE-2014-8728 | 1 Subex | 1 Roc Fraud Management System | 2014-12-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter. | |||||
| CVE-2014-9235 | 1 Zoph | 1 Zoph | 2014-12-05 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/. | |||||
| CVE-2014-9237 | 1 Proticaret | 1 Proticaret | 2014-12-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. | |||||
| CVE-2014-9240 | 1 Mybb | 1 Mybb | 2014-12-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action. | |||||
| CVE-2014-9242 | 1 Websitebaker | 1 Websitebaker | 2014-12-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||||
| CVE-2014-9097 | 1 Apptha | 1 Contus Video Gallery | 2014-11-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php. | |||||
| CVE-2014-9096 | 1 Pligg | 1 Pligg Cms | 2014-11-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter. | |||||
| CVE-2014-8999 | 1 Xoops | 1 Xoops | 2014-11-24 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | |||||
| CVE-2014-8663 | 1 Sap | 1 Netweaver Business Warehouse | 2014-11-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-6030 | 1 Classapps | 1 Selectsurvey.net | 2014-11-06 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. | |||||
| CVE-2014-5520 | 1 Xrms Crm Project | 1 Xrms Crm | 2014-10-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php. | |||||
| CVE-2014-8363 | 1 Wordpress Spreadsheet Project | 1 Wordpress Spreadsheet | 2014-10-25 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |||||
| CVE-2014-3978 | 1 Tomatocart | 1 Tomatocart | 2014-10-24 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact. | |||||
| CVE-2014-7201 | 1 Kevin Renskers | 1 Dmmjobcontrol | 2014-10-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/. | |||||
| CVE-2014-8294 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2014-10-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password. | |||||
| CVE-2014-8295 | 1 Bacula | 1 Bacula-web | 2014-10-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | |||||
| CVE-2014-3382 | 1 Cisco | 1 Asa | 2014-10-12 | 7.8 HIGH | N/A |
| The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. | |||||
| CVE-2014-7981 | 1 Joomla | 1 Joomla! | 2014-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5308 | 1 Testlink | 1 Testlink | 2014-10-09 | 9.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php. | |||||
| CVE-2014-5503 | 1 Cyberoam | 1 Cyberoam Os | 2014-10-08 | 10.0 HIGH | N/A |
| SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode. | |||||
| CVE-2014-6295 | 1 Wec Map Project | 1 Wec Map | 2014-10-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-6293 | 1 Kennziffer | 1 Statistics | 2014-10-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. | |||||
