Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5697 | 2 Apache, Simone Tellini | 2 Http Server, Mod Accounting | 2013-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header. | |||||
| CVE-2012-3132 | 1 Oracle | 1 Database Server | 2013-10-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS. | |||||
| CVE-2013-5967 | 1 Alienvault | 1 Open Source Security Information Management | 2013-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/. | |||||
| CVE-2013-4809 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2013-09-26 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter. | |||||
| CVE-2013-5917 | 2 Rodrigo Coimbra, Wordpress | 2 Nospam Pti, Wordpress | 2013-09-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. | |||||
| CVE-2010-1049 | 1 Uiga | 1 Business Portal | 2013-09-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php. | |||||
| CVE-2011-5168 | 1 Bananadance | 1 Banana Dance | 2013-09-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2013-3602 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter. | |||||
| CVE-2010-4849 | 1 Alibabaclone | 1 Alibaba Clone B2b | 2013-09-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter. | |||||
| CVE-2010-5020 | 1 Netartmedia | 1 Iboutique | 2013-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2009-4456 | 1 Greendesktiny | 1 Green Desktiny | 2013-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-6584 | 1 Myrephp | 1 Myre Realty Manager | 2013-08-27 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php. | |||||
| CVE-2012-6586 | 1 Myrephp | 1 Myre Vacation Rental | 2013-08-27 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php. | |||||
| CVE-2012-6588 | 1 Myrephp | 1 Myre Business Directory | 2013-08-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2013-4882 | 1 Mcafee | 2 Epolicy Orchestrator, Epolicy Orchestrator Agent | 2013-08-22 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140. | |||||
| CVE-2010-2131 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2013-08-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. | |||||
| CVE-2013-5321 | 1 Alienvault | 1 Open Source Security Information Management | 2013-08-21 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php. | |||||
| CVE-2013-5311 | 1 Vastal | 1 Phpvid | 2013-08-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157. | |||||
| CVE-2013-3412 | 1 Cisco | 1 Unified Communications Manager | 2013-08-20 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. | |||||
| CVE-2013-3404 | 1 Cisco | 1 Unified Communications Manager | 2013-08-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. | |||||
| CVE-2011-4801 | 1 Authenex | 1 Authenex Strong Authentication System Server | 2013-08-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-7247 | 2 Joomla, Mambo-foundation | 3 Com Weblinks, Joomla\!, Mambo | 2013-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
| CVE-2013-5121 | 1 Phpfox | 1 Phpfox | 2013-08-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/. | |||||
| CVE-2013-5120 | 1 Phpfox | 1 Phpfox | 2013-08-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/. | |||||
| CVE-2013-4789 | 1 Cotonti | 1 Cotonti Siena | 2013-08-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php. | |||||
| CVE-2013-4619 | 1 Open-emr | 1 Openemr | 2013-08-13 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/chart_tracker.php. | |||||
| CVE-2013-4953 | 1 Topgames | 1 Top Games Script | 2013-07-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter. | |||||
| CVE-2013-4945 | 1 Bmc | 1 Service Desk Express | 2013-07-30 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx. | |||||
| CVE-2013-4952 | 1 Elemata | 1 Elemata Cms | 2013-07-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2013-3578 | 1 Wave | 2 Embassy Remote Administration Server, Embassy Remote Administration Server Help Desk | 2013-07-16 | 9.0 HIGH | N/A |
| SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands. | |||||
| CVE-2013-3577 | 1 Wave | 2 Embassy Remote Administration Server, Embassy Remote Administration Server Help Desk | 2013-07-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field). | |||||
| CVE-2012-4265 | 1 Itechscripts | 1 Proman Xpress | 2013-07-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2013-1613 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2013-07-08 | 4.7 MEDIUM | N/A |
| SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4739 | 2 Aretimes, Joomla | 2 Com Maianmedia, Joomla\! | 2013-07-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php. | |||||
| CVE-2013-4745 | 2 Kurt Gusbeth, Typo3 | 2 Myquizpoll, Typo3 | 2013-07-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-4941 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2013-06-26 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-3957 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2013-06-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-1842 | 1 Typo3 | 1 Typo3 | 2013-06-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." | |||||
| CVE-2013-3721 | 1 Psychostats | 1 Psychostats | 2013-05-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter. | |||||
| CVE-2013-3536 | 1 Whmcs | 2 Group Pay, Whmcs | 2013-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter. | |||||
| CVE-2013-3522 | 1 Vbulletin | 1 Vbulletin | 2013-05-13 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter. | |||||
| CVE-2013-0684 | 1 Invensys | 1 Wonderware Information Server | 2013-05-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-3510 | 1 Gwos | 1 Groundwork Monitor | 2013-05-08 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component. | |||||
| CVE-2013-1177 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2013-04-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. | |||||
| CVE-2012-2086 | 1 Gajim | 1 Gajim | 2013-04-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. | |||||
| CVE-2013-1748 | 1 Chatelao | 1 Php Address Book | 2013-04-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2. | |||||
| CVE-2012-5453 | 1 Atutor | 1 Acontent | 2013-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167. | |||||
| CVE-2013-1163 | 1 Cisco | 1 Connected Grid Network Management System | 2013-04-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746. | |||||
| CVE-2013-0123 | 1 Askia | 1 Askiaweb | 2013-03-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp. | |||||
| CVE-2012-5590 | 2 Drupal, Scripthead | 2 Drupal, Webmail Plus | 2013-02-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||