Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2174 | 1 Apache | 1 Ranger | 2016-06-14 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | |||||
| CVE-2015-4426 | 1 Pimcore | 1 Pimcore | 2016-06-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. | |||||
| CVE-2014-1471 | 1 Otrs | 1 Otrs | 2016-06-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL. | |||||
| CVE-2015-7876 | 1 Drupal 7 Driver For Sql Server And Sql Azure Project | 1 Drupal 7 Driver For Sql Server And Sql Azure | 2016-06-01 | 7.5 HIGH | N/A |
| The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function. | |||||
| CVE-2016-4350 | 1 Solarwinds | 1 Storage Resource Monitor | 2016-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet. | |||||
| CVE-2016-2351 | 1 Accellion | 1 File Transfer Appliance | 2016-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter. | |||||
| CVE-2016-2301 | 1 Ecava | 1 Integraxor | 2016-04-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-4040 | 1 Dotcms | 1 Dotcms | 2016-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-0710 | 1 Apache | 1 Jetspeed | 2016-04-20 | 7.5 HIGH | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/. | |||||
| CVE-2015-1008 | 1 Emerson | 1 Ams Device Manager | 2016-04-06 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. | |||||
| CVE-2015-7448 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2016-03-22 | 6.5 MEDIUM | 5.4 MEDIUM |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1154 | 1 Cuore | 1 Ec-cube Help Plugin | 2016-03-02 | 7.5 HIGH | 9.1 CRITICAL |
| SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-3947 | 1 Advantech | 1 Webaccess | 2016-01-18 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-5023 | 1 Ibm | 1 Curam Social Program Management | 2016-01-06 | 6.5 MEDIUM | 5.4 MEDIUM |
| SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-7784 | 1 Bokublock | 2 Bbadminviewscontrol, Bbadminviewscontrol213 | 2015-12-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-6537 | 1 Epiphanyhealthdata | 1 Cardio Server | 2015-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | |||||
| CVE-2014-2949 | 1 F5 | 1 Arx Data Manager | 2015-12-04 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-9057 | 2 Debian, Sixapart | 2 Debian Linux, Movable Type | 2015-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-1989 | 1 Ibm | 1 Security Qradar Incident Forensics | 2015-11-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5082 | 1 Sphider | 1 Sphider | 2015-11-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter. | |||||
| CVE-2015-5308 | 1 Wp-championship Project | 1 Wp-championship | 2015-11-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter. | |||||
| CVE-2014-5458 | 1 Php-sqrl Project | 1 Php-sqrl | 2015-11-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter. | |||||
| CVE-2014-5399 | 1 Invensys | 1 Wonderware Information Server | 2015-11-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5389 | 1 Content Audit Project | 1 Content Audit | 2015-11-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php. | |||||
| CVE-2015-5668 | 1 Techno Project Japan | 1 Enisys Gw | 2015-10-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-7903 | 1 Infinite Automation Systems | 1 Mango Automation | 2015-10-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-6486 | 1 Rockwellautomation | 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware | 2015-10-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3757 | 1 Phpmanufaktur | 1 Kitform | 2015-10-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter. | |||||
| CVE-2015-7727 | 1 Sap | 1 Hana | 2015-10-16 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. | |||||
| CVE-2015-7725 | 1 Sap | 1 Hana | 2015-10-16 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765. | |||||
| CVE-2015-5659 | 1 Network Applied Communication Laboratory | 1 Shimane Prefecture Cms | 2015-10-13 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-5648 | 1 Loenshotel | 1 Phprechnung | 2015-10-13 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-2351 | 1 Controlsystemworks | 1 Csworks | 2015-10-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests. | |||||
| CVE-2015-5642 | 1 Icz | 1 Matchasns | 2015-10-07 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-5641 | 1 E-catchup | 1 Basercms | 2015-10-06 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-4967 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2015-10-06 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4960 | 1 Joomlaboat | 1 Com Youtubegallery | 2015-10-06 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php. | |||||
| CVE-2014-5102 | 1 Vbulletin | 1 Vbulletin | 2015-10-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. | |||||
| CVE-2014-4858 | 1 Sabreairlinesolutions | 5 Crew Management, Crew Operations, Crew Planning and 2 more | 2015-10-06 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. | |||||
| CVE-2015-0684 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | |||||
| CVE-2014-3871 | 1 Geodesicsolutions | 1 Geocore Max | 2015-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823. | |||||
| CVE-2014-3872 | 1 D-link | 2 Dap-1350, Dap-1350 Firmware | 2015-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. | |||||
| CVE-2015-7382 | 1 Refbase | 1 Refbase | 2015-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009. | |||||
| CVE-2015-6829 | 1 Ciphercoin | 1 Wp Limit Login Attempts | 2015-09-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header. | |||||
| CVE-2014-3275 | 1 Cisco | 1 Identity Services Engine Software | 2015-09-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337. | |||||
| CVE-2014-0726 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. | |||||
| CVE-2014-0734 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483. | |||||
| CVE-2014-0727 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. | |||||
| CVE-2015-6915 | 1 Montala | 1 Resourcespace | 2015-09-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php. | |||||
| CVE-2015-0715 | 1 Cisco | 1 Unity Connection | 2015-09-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. | |||||