Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0811 | 1 Postfix | 1 Postfix | 2014-10-02 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | |||||
| CVE-2014-7153 | 1 Huge-it | 1 Image Gallery | 2014-09-22 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. | |||||
| CVE-2014-2376 | 1 Ecava | 1 Integraxor | 2014-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-6239 | 1 Address Visualization With Google Maps Project | 1 Address Visualization With Google Maps | 2014-09-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3904 | 1 Tenfourzero | 1 Shutter | 2014-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5521 | 1 Xrms Crm Project | 1 Xrms Crm | 2014-09-03 | 6.5 MEDIUM | N/A |
| plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. | |||||
| CVE-2014-4197 | 1 Bssys | 1 Rbs Bs-client | 2014-08-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter. | |||||
| CVE-2014-5159 | 1 Alienvault | 1 Open Source Security Information Management | 2014-08-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. | |||||
| CVE-2014-3906 | 1 Kk-osk | 2 Advance-flow, Advance-flow Forms | 2014-08-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-5685 | 1 Zpanelcp | 1 Zpanel | 2014-08-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI. | |||||
| CVE-2014-3773 | 1 Teampass | 1 Teampass | 2014-08-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/. | |||||
| CVE-2014-5183 | 1 Simple Retail Menus Plugin Project | 1 Simple-retail-menus | 2014-08-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php. | |||||
| CVE-2014-5186 | 1 All Video Gallery Plugin Project | 1 All-video-gallery | 2014-08-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php. | |||||
| CVE-2014-5185 | 1 Quartz Plugin Project | 1 Quartz Plugin | 2014-08-07 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php. | |||||
| CVE-2014-5184 | 1 Stripshow Plugin Project | 1 Stripshow | 2014-08-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. | |||||
| CVE-2014-5182 | 1 Ostenta | 1 Yawpp | 2014-08-07 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php. | |||||
| CVE-2014-5180 | 1 Hdwplayer | 1 Hdw-player-video-player-video-gallery | 2014-08-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php. | |||||
| CVE-2014-5089 | 1 Status2k | 1 Status2k | 2014-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | |||||
| CVE-2014-5104 | 1 Ol-commerce Project | 1 Ol-commerce | 2014-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php. | |||||
| CVE-2014-5017 | 1 Limesurvey | 1 Limesurvey | 2014-07-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter. | |||||
| CVE-2014-4939 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2014-07-14 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. | |||||
| CVE-2014-4944 | 1 Bannersky | 1 Bsk Pdf Manager | 2014-07-14 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php. | |||||
| CVE-2014-4013 | 1 Arubanetworks | 1 Clearpass | 2014-07-14 | 4.9 MEDIUM | N/A |
| SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4938 | 1 Wp Rss Poster Plugin Project | 1 Wp-rss-poster | 2014-07-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php. | |||||
| CVE-2014-3992 | 1 Dolibarr | 1 Dolibarr | 2014-07-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. | |||||
| CVE-2014-4852 | 1 Thedigitalcraft | 1 Atomcms | 2014-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2014-4850 | 1 Foecms | 1 Foecms | 2014-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||||
| CVE-2014-4741 | 1 Artifectx | 1 Xclassified | 2014-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2014-2934 | 1 Caldera | 1 Caldera | 2014-07-01 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. | |||||
| CVE-2014-4649 | 1 Piwigo | 1 Piwigo | 2014-06-30 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. | |||||
| CVE-2014-2948 | 1 Bizagi | 1 Business Process Management Suite | 2014-06-27 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | |||||
| CVE-2014-4307 | 1 Webtitan | 1 Webtitan | 2014-06-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. | |||||
| CVE-2014-4305 | 1 Nice | 1 Recording Express | 2014-06-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3962 | 1 Videos Tube Project | 1 Videos Tube | 2014-06-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. | |||||
| CVE-2013-5354 | 1 Sharetronix | 1 Sharetronix | 2014-06-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup. | |||||
| CVE-2014-3973 | 1 Frontaccounting | 1 Frontaccounting | 2014-06-06 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3961 | 1 Xnau | 1 Participants Database | 2014-06-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/. | |||||
| CVE-2014-2655 | 1 Postfix Admin Project | 1 Postfix Admin | 2014-06-05 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias. | |||||
| CVE-2014-3937 | 1 Ajaydsouza | 1 Contextual Related Posts | 2014-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3935 | 1 Xoops | 1 Glossaire Module | 2014-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. | |||||
| CVE-2014-3934 | 1 Phpnuke | 2 Php-nuke, Submit News Module | 2014-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | |||||
| CVE-2014-3932 | 1 Cososys | 1 Endpoint Protector | 2014-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2013-4467 | 1 Vicidial | 1 Vicidial | 2014-05-20 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4970 | 1 Disk Pool Manager Project | 1 Disk Pool Manager | 2014-05-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function. | |||||
| CVE-2014-0137 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2014-05-15 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists. | |||||
| CVE-2013-2226 | 1 Glpi-project | 1 Glpi | 2014-05-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php. | |||||
| CVE-2014-3246 | 1 O-dyn | 1 Collabtive | 2014-05-14 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php. | |||||
| CVE-2013-1803 | 1 Php-fusion | 1 Php-fusion | 2014-05-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375. | |||||
| CVE-2009-4238 | 1 Teamst | 1 Testlink | 2014-05-05 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php. | |||||
| CVE-2013-7369 | 1 F-secure | 3 Anti-virus, Email And Server Security, Server Security | 2014-04-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand. | |||||