Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8363 | 1 Wordpress Spreadsheet Project | 1 Wordpress Spreadsheet | 2014-10-25 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |||||
| CVE-2014-3978 | 1 Tomatocart | 1 Tomatocart | 2014-10-24 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact. | |||||
| CVE-2014-7201 | 1 Kevin Renskers | 1 Dmmjobcontrol | 2014-10-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/. | |||||
| CVE-2014-8294 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2014-10-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password. | |||||
| CVE-2014-8295 | 1 Bacula | 1 Bacula-web | 2014-10-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | |||||
| CVE-2014-3382 | 1 Cisco | 1 Asa | 2014-10-12 | 7.8 HIGH | N/A |
| The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. | |||||
| CVE-2014-7981 | 1 Joomla | 1 Joomla\! | 2014-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5308 | 1 Testlink | 1 Testlink | 2014-10-09 | 9.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php. | |||||
| CVE-2014-5503 | 1 Cyberoam | 1 Cyberoam Os | 2014-10-08 | 10.0 HIGH | N/A |
| SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode. | |||||
| CVE-2014-6295 | 1 Wec Map Project | 1 Wec Map | 2014-10-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-6293 | 1 Kennziffer | 1 Statistics | 2014-10-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. | |||||
| CVE-2012-0811 | 1 Postfix | 1 Postfix | 2014-10-02 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | |||||
| CVE-2014-7153 | 1 Huge-it | 1 Image Gallery | 2014-09-22 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. | |||||
| CVE-2014-2376 | 1 Ecava | 1 Integraxor | 2014-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-6239 | 1 Address Visualization With Google Maps Project | 1 Address Visualization With Google Maps | 2014-09-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3904 | 1 Tenfourzero | 1 Shutter | 2014-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5521 | 1 Xrms Crm Project | 1 Xrms Crm | 2014-09-03 | 6.5 MEDIUM | N/A |
| plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. | |||||
| CVE-2014-4197 | 1 Bssys | 1 Rbs Bs-client | 2014-08-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter. | |||||
| CVE-2014-5159 | 1 Alienvault | 1 Open Source Security Information Management | 2014-08-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. | |||||
| CVE-2014-3906 | 1 Kk-osk | 2 Advance-flow, Advance-flow Forms | 2014-08-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-5685 | 1 Zpanelcp | 1 Zpanel | 2014-08-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI. | |||||
| CVE-2014-3773 | 1 Teampass | 1 Teampass | 2014-08-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/. | |||||
| CVE-2014-5183 | 1 Simple Retail Menus Plugin Project | 1 Simple-retail-menus | 2014-08-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php. | |||||
| CVE-2014-5186 | 1 All Video Gallery Plugin Project | 1 All-video-gallery | 2014-08-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php. | |||||
| CVE-2014-5185 | 1 Quartz Plugin Project | 1 Quartz Plugin | 2014-08-07 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php. | |||||
| CVE-2014-5184 | 1 Stripshow Plugin Project | 1 Stripshow | 2014-08-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. | |||||
| CVE-2014-5182 | 1 Ostenta | 1 Yawpp | 2014-08-07 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php. | |||||
| CVE-2014-5180 | 1 Hdwplayer | 1 Hdw-player-video-player-video-gallery | 2014-08-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php. | |||||
| CVE-2014-5089 | 1 Status2k | 1 Status2k | 2014-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | |||||
| CVE-2014-5104 | 1 Ol-commerce Project | 1 Ol-commerce | 2014-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php. | |||||
| CVE-2014-5017 | 1 Limesurvey | 1 Limesurvey | 2014-07-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter. | |||||
| CVE-2014-4939 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2014-07-14 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. | |||||
| CVE-2014-4944 | 1 Bannersky | 1 Bsk Pdf Manager | 2014-07-14 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php. | |||||
| CVE-2014-4013 | 1 Arubanetworks | 1 Clearpass | 2014-07-14 | 4.9 MEDIUM | N/A |
| SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4938 | 1 Wp Rss Poster Plugin Project | 1 Wp-rss-poster | 2014-07-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php. | |||||
| CVE-2014-3992 | 1 Dolibarr | 1 Dolibarr | 2014-07-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. | |||||
| CVE-2014-4852 | 1 Thedigitalcraft | 1 Atomcms | 2014-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2014-4850 | 1 Foecms | 1 Foecms | 2014-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||||
| CVE-2014-4741 | 1 Artifectx | 1 Xclassified | 2014-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2014-2934 | 1 Caldera | 1 Caldera | 2014-07-01 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. | |||||
| CVE-2014-4649 | 1 Piwigo | 1 Piwigo | 2014-06-30 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. | |||||
| CVE-2014-2948 | 1 Bizagi | 1 Business Process Management Suite | 2014-06-27 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | |||||
| CVE-2014-4307 | 1 Webtitan | 1 Webtitan | 2014-06-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. | |||||
| CVE-2014-4305 | 1 Nice | 1 Recording Express | 2014-06-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3962 | 1 Videos Tube Project | 1 Videos Tube | 2014-06-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. | |||||
| CVE-2013-5354 | 1 Sharetronix | 1 Sharetronix | 2014-06-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup. | |||||
| CVE-2014-3973 | 1 Frontaccounting | 1 Frontaccounting | 2014-06-06 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3961 | 1 Xnau | 1 Participants Database | 2014-06-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/. | |||||
| CVE-2014-2655 | 1 Postfix Admin Project | 1 Postfix Admin | 2014-06-05 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias. | |||||
| CVE-2014-3937 | 1 Ajaydsouza | 1 Contextual Related Posts | 2014-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||