Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15983 | 1 Geniusocean | 1 Mymagazine Magazine & Blog Cms | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. | |||||
| CVE-2017-15986 | 1 Cpa Lead Reward Script Project | 1 Cpa Lead Reward Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| CPA Lead Reward Script allows SQL Injection via the username parameter. | |||||
| CVE-2017-15985 | 1 Readymadeb2bscript | 1 Basic B2b Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. | |||||
| CVE-2017-15979 | 1 Odallated | 1 Shareet | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. | |||||
| CVE-2017-15984 | 1 Bekirk | 1 Creative Management System Lite | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. | |||||
| CVE-2017-15987 | 1 Fake Magazine Cover Script Project | 1 Fake Magazine Cover Script | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. | |||||
| CVE-2017-15991 | 1 Vastal | 1 Agent Zone | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. | |||||
| CVE-2017-14356 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2017-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. | |||||
| CVE-2017-15980 | 1 Rowindex | 1 Us Zip Codes Database Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. | |||||
| CVE-2017-15976 | 1 Zeescripts | 1 Zeebuddy | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604. | |||||
| CVE-2017-15975 | 1 Vastal | 1 Dating Zone | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. | |||||
| CVE-2017-15960 | 1 Yourarticlesdirectory | 1 Article Directory Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. | |||||
| CVE-2017-15964 | 1 Nicephpscripts | 1 Job Board Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. | |||||
| CVE-2017-15961 | 1 Iproject Management System Project | 1 Iproject Management System | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. | |||||
| CVE-2017-15958 | 1 Domainzaar | 1 D-park Pro | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php. | |||||
| CVE-2017-15989 | 1 Online Exam Test Application Project | 1 Online Exam Test Application | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. | |||||
| CVE-2017-15978 | 1 Arox | 1 School Erp Php Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. | |||||
| CVE-2017-15977 | 1 Protectedlinks | 1 Expiring Download Links | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter. | |||||
| CVE-2017-15992 | 1 Website Broker Script Project | 1 Website Broker Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. | |||||
| CVE-2017-15993 | 1 Zomato Clone Script Project | 1 Zomato Clone Script | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. | |||||
| CVE-2017-15967 | 1 Mailing-manager | 1 Mailing List Manager Pro | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. | |||||
| CVE-2017-15966 | 1 Zh Yandexmap Project | 1 Zh Yandexmap | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php. | |||||
| CVE-2017-15965 | 1 Nswd | 1 Ns Download Shop | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. | |||||
| CVE-2017-15968 | 1 Contractorscripts | 1 Mybuildersite | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. | |||||
| CVE-2017-15969 | 1 Pilotgroup | 1 Allsharevideo | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. | |||||
| CVE-2017-15970 | 1 Phpcityportal | 1 Phpcityportal | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter. | |||||
| CVE-2017-15963 | 1 Itechscripts | 1 Gigs Script | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. | |||||
| CVE-2008-3604 | 1 Zeescripts | 1 Zeebuddy | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||||
| CVE-2017-15959 | 1 Adultscriptpro | 1 Adultscriptpro | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. | |||||
| CVE-2017-15974 | 1 Datacomponents | 1 Tpanel | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. | |||||
| CVE-2017-15973 | 1 Sokial | 1 Sokial | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php. | |||||
| CVE-2017-15972 | 1 Softdatepro | 1 Dating Software | 2017-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971. | |||||
| CVE-2013-0140 | 1 Mcafee | 1 Epolicy Orchestrator | 2017-11-16 | 7.9 HIGH | N/A |
| SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel. | |||||
| CVE-2012-4570 | 1 Letodms Project | 1 Letodms | 2017-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-2023 | 1 Tapatalk | 1 Tapatalk | 2017-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. | |||||
| CVE-2017-15907 | 1 Phpcollab | 1 Phpcollab | 2017-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. | |||||
| CVE-2017-15919 | 1 Accesspressthemes | 1 Ultimate-form-builder-lite | 2017-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. | |||||
| CVE-2017-15949 | 1 Angry-frog | 1 Xavier | 2017-11-14 | 6.5 MEDIUM | 7.2 HIGH |
| Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. | |||||
| CVE-2017-15081 | 1 Phpsugar | 1 Php Melody | 2017-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. | |||||
| CVE-2016-1000115 | 1 Huge-it | 1 Portfolio Gallery Manager | 2017-11-13 | 6.5 MEDIUM | 7.2 HIGH |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
| CVE-2017-14723 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | |||||
| CVE-2017-12710 | 1 Advantech | 1 Webaccess | 2017-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | |||||
| CVE-2017-15578 | 1 Phpsugar | 1 Php Melody | 2017-11-08 | 6.0 MEDIUM | 8.8 HIGH |
| In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | |||||
| CVE-2017-15579 | 1 Phpsugar | 1 Php Melody | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | |||||
| CVE-2017-15539 | 1 Zorovavi/blog Project | 1 Zorovavi/blog | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. | |||||
| CVE-2017-6050 | 1 Ecava | 1 Integraxor | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries. | |||||
| CVE-2015-4342 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2017-11-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. | |||||
| CVE-2014-9095 | 1 Raritan | 1 Power Iq | 2017-11-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records. | |||||
| CVE-2017-2133 | 1 Panasonic | 2 Kx-hjb1000, Kx-hjb1000 Firmware | 2017-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-5376 | 1 Gsi-office | 1 Winpat Portal | 2017-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
