Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7235 | 1 Cp Reservation Calender Project | 1 Cp Reservation Calender | 2016-12-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. | |||||
| CVE-2015-6329 | 1 Cisco | 1 Prime Collaboration Provisioning | 2016-12-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. | |||||
| CVE-2015-6331 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887. | |||||
| CVE-2015-6522 | 1 Wpsymposium | 1 Wp Symposium | 2016-12-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. | |||||
| CVE-2013-1434 | 1 Cacti | 1 Cacti | 2016-12-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-6625 | 1 Vasthtml | 1 Forumpress | 2016-12-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action. | |||||
| CVE-2012-0868 | 1 Postgresql | 1 Postgresql | 2016-12-08 | 6.8 MEDIUM | N/A |
| CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored. | |||||
| CVE-2015-8769 | 1 Joomla | 1 Joomla\! | 2016-12-07 | 7.5 HIGH | 7.3 HIGH |
| SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-8369 | 1 Cacti | 1 Cacti | 2016-12-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | |||||
| CVE-2015-8377 | 1 Cacti | 1 Cacti | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | |||||
| CVE-2015-6433 | 1 Cisco | 1 Unified Communications Manager | 2016-12-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | |||||
| CVE-2015-6319 | 2 Cisco, Sun | 23 Rv016 Multi-wan Vpn Router, Rv042 Dual Wan Vpn Router, Rv042g Dual Gigabit Wan Vpn Router and 20 more | 2016-12-07 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574. | |||||
| CVE-2015-6345 | 1 Cisco | 1 Secure Access Control Server | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. | |||||
| CVE-2015-6350 | 1 Cisco | 1 Prime Service Catalog | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. | |||||
| CVE-2015-5459 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. | |||||
| CVE-2015-5504 | 1 Novalnet | 1 Novalnet Payment Module Ubercart- | 2016-12-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-5078 | 1 Limesurvey | 1 Limesurvey | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter. | |||||
| CVE-2015-4610 | 1 Store Locator Project | 1 Store Locator | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-4654 | 1 Joomla | 1 Joomla\! | 2016-12-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. | |||||
| CVE-2015-4609 | 1 Wt Directory Project | 1 Wt Directory | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||