Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2066 | 1 Dlguard | 1 Dlguard | 2016-12-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | |||||
| CVE-2013-5640 | 1 Raoul Proenca | 1 Gnew | 2016-12-31 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors. | |||||
| CVE-2013-7175 | 1 Avanset | 1 Visual Certexam Manager | 2016-12-31 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field. | |||||
| CVE-2015-3345 | 1 Phplist Integration Project | 1 Phplist Integration | 2016-12-31 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database." | |||||
| CVE-2013-7375 | 1 Php-fusion | 1 Php-fusion | 2016-12-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803. | |||||
| CVE-2013-7349 | 1 Raoul Proenca | 1 Gnew | 2016-12-31 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates. | |||||
| CVE-2013-5003 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-31 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. | |||||
| CVE-2015-6299 | 1 Cisco | 1 Unity Connection | 2016-12-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. | |||||
| CVE-2015-4222 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2016-12-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325. | |||||
| CVE-2015-4233 | 1 Cisco | 1 Unified Meetingplace | 2016-12-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037. | |||||
| CVE-2015-4208 | 1 Cisco | 1 Webex Meeting Center | 2016-12-28 | 7.5 HIGH | N/A |
| Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. | |||||
| CVE-2015-6659 | 1 Drupal | 1 Drupal | 2016-12-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | |||||
| CVE-2016-2873 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2016-12-23 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-2355 | 1 Dotcms | 1 Dotcms | 2016-12-23 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | |||||
| CVE-2016-1000217 | 1 Zotpress Project | 1 Zotpress | 2016-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Zotpress plugin for WordPress SQLi in zp_get_account() | |||||
| CVE-2016-1000122 | 1 Huge-it | 1 Slider | 2016-12-22 | 6.5 MEDIUM | 7.2 HIGH |
| XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||||
| CVE-2016-1000120 | 1 Huge-it | 1 Catalog | 2016-12-22 | 6.5 MEDIUM | 7.2 HIGH |
| SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | |||||
| CVE-2015-6943 | 1 S9y | 1 Serendipity | 2016-12-22 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. | |||||
| CVE-2015-6962 | 1 Teiko | 1 Farol | 2016-12-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. | |||||
| CVE-2015-6548 | 1 Symantec | 1 Web Gateway | 2016-12-22 | 5.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||