Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6696 | 2 Manu Oehler, Typo3 | 2 Toto, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2008-6678 | 1 Quickersite | 1 Quickersite | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp. | |||||
| CVE-2008-6573 | 1 Avaya | 1 Communication Manager | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server. | |||||
| CVE-2008-6462 | 2 Kurt Gusbeth, Typo3 | 2 Myquizpoll, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-7221 | 1 Opentext | 1 Documentum Content Server | 2017-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. | |||||
| CVE-2017-2641 | 1 Moodle | 1 Moodle | 2017-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | |||||
| CVE-2017-12567 | 1 Quest | 3 K1000 As A Service, Kace Asset Management Appliance, Kace Systems Management Appliance | 2017-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. | |||||
| CVE-2017-12650 | 1 Loginizer | 1 Loginizer | 2017-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. | |||||
| CVE-2017-12585 | 1 Slims | 1 Akasia | 2017-08-14 | 6.5 MEDIUM | 8.8 HIGH |
| SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users. | |||||
| CVE-2017-9418 | 1 Goldplugins | 1 Testimonials Plugin Easy Testimonials | 2017-08-13 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | |||||
| CVE-2017-9603 | 1 Intensewp | 1 Wp Jobs | 2017-08-13 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. | |||||
| CVE-2017-8835 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2017-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database. | |||||
| CVE-2017-9429 | 1 Event List Project | 1 Event List | 2017-08-13 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. | |||||
| CVE-2017-7952 | 1 Infor | 1 Enterprise Asset Management | 2017-08-13 | 6.5 MEDIUM | 8.8 HIGH |
| INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. | |||||
| CVE-2016-7508 | 1 Glpi-project | 1 Glpi | 2017-08-12 | 6.0 MEDIUM | 7.5 HIGH |
| Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding. | |||||
| CVE-2015-2798 | 1 Web-dorado | 1 Contact Form Maker | 2017-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5975 | 1 Activewebsoftwares | 1 Active Price Comparison | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2017-11384 | 1 Trendmicro | 1 Control Manager | 2017-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561. | |||||
| CVE-2008-5946 | 1 Php-fusion | 1 Php-fusion | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2008-5122 | 1 Ektron | 1 Cms4000.net | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter. | |||||