Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0036 | 1 Curl | 2 Curl, Libcurl | 2018-01-10 | 7.5 HIGH | N/A |
| curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. | |||||
| CVE-2011-4816 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2018-01-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-17983 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 6.5 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | |||||
| CVE-2017-17873 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | |||||
| CVE-2017-17941 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2018-01-09 | 6.5 MEDIUM | 7.2 HIGH |
| PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | |||||
| CVE-2017-17892 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. | |||||
| CVE-2017-17906 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | |||||
| CVE-2017-17895 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | |||||
| CVE-2017-0304 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2018-01-08 | 5.5 MEDIUM | 5.4 MEDIUM |
| A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. | |||||
| CVE-2011-4542 | 1 Hastymail | 1 Hastymail2 | 2018-01-06 | 7.5 HIGH | N/A |
| Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI. | |||||
| CVE-2012-0226 | 1 Invensys | 1 Wonderware Information Server | 2018-01-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-1777 | 1 F5 | 1 Firepass | 2018-01-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. | |||||
| CVE-2017-17645 | 1 Phpautoclassifiedscript | 1 Bus Booking Script | 2018-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. | |||||
| CVE-2012-0244 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. | |||||
| CVE-2011-4521 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. | |||||
| CVE-2012-0234 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. | |||||
| CVE-2017-16735 | 1 Ecava | 1 Integraxor | 2018-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. | |||||
| CVE-2017-16733 | 1 Ecava | 1 Integraxor | 2018-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. | |||||
| CVE-2017-17731 | 1 Dedecms | 1 Dedecms | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | |||||
| CVE-2017-17730 | 1 Dedecms | 1 Dedecms | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | |||||