Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1067 | 2 Mg12, Wordpress | 2 Wp-recentcomments, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-2937 | 1 Pligg | 1 Pligg Cms | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module. | |||||
| CVE-2012-3000 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Analytics, Big-ip Application Security Manager and 7 more | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. | |||||
| CVE-2012-1911 | 1 Chatelao | 1 Php Address Book | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565. | |||||
| CVE-2012-1673 | 1 Ola Lasisi | 1 E-ticketing | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2012-0728 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-0939 | 1 Testlink | 1 Testlink | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0982 | 1 Vastal | 1 Agent Zone | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter. | |||||
| CVE-2012-2718 | 2 Drupal, Drupal-id | 2 Drupal, Counter Module | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." | |||||
| CVE-2012-1672 | 1 Useasdf 4444 | 1 Hotel Booking Portal | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter. | |||||
| CVE-2012-2762 | 1 S9y | 1 Serendipity | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. | |||||
| CVE-2012-0727 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-0983 | 1 Scriptsez | 1 Ez Album | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||||
| CVE-2012-1075 | 2 Robert Gonda, Typo3 | 2 Rtg Files, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-0994 | 1 Zenphoto | 1 Zenphoto | 2017-08-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter. | |||||
| CVE-2012-0906 | 2 Dev\!l\'z, Mystarmedia | 2 Dev\!l\'z Clanportal, Moviebase Addon | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php. | |||||
| CVE-2012-2105 | 1 Peter Kovacs | 1 Timesheet Next Gen | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |||||
| CVE-2012-1506 | 1 Orangehrm | 1 Orangehrm | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1778 | 1 Createvision | 1 Createvision Cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-1934 | 1 Sourcefabric | 1 Newscoop | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. | |||||