Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1466 | 1 Csp Mysql User Manager Project | 1 Csp Mysql User Manager | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. | |||||
| CVE-2014-3055 | 1 Ibm | 2 Websphere Portal, Websphere Portal Unified Task List Portlet | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-7187 | 1 Ncrafts | 1 Formcraft | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2013-6936 | 1 Mybb | 1 Ajax Forum Stat | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter. | |||||
| CVE-2014-1204 | 1 Tableausoftware | 1 Tableau Server | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled. | |||||
| CVE-2014-2708 | 1 Cacti | 1 Cacti | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. | |||||
| CVE-2014-3336 | 1 Cisco | 1 Unity Connection | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. | |||||
| CVE-2014-3366 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | |||||
| CVE-2013-7216 | 1 Etoshop | 1 Classifieds Creator | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (3) Password field to demo/classifieds/admin.asp. | |||||
| CVE-2014-4034 | 1 Aas9 | 1 Zerocms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
| CVE-2013-4683 | 2 Christophe Balisky, Typo3 | 2 Meta Feedit, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-0735 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | |||||
| CVE-2013-1408 | 1 Wysija Newsletters Project | 1 Wysija Newsletters | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | |||||
| CVE-2013-3524 | 1 Simpilotgroup | 1 Pop Up News | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS. | |||||
| CVE-2013-2956 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-3532 | 2 Webdorado, Wordpress | 2 Spider Video Player, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter. | |||||
| CVE-2013-4016 | 1 Ibm | 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 4 more | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text. | |||||
| CVE-2013-1893 | 1 Owncloud | 1 Owncloud | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application. | |||||
| CVE-2013-6164 | 1 Projeqtor | 1 Projeqtor | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter. | |||||
| CVE-2013-3537 | 1 Wesley Destailleur | 1 Todoo Forum | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter. | |||||