Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4628 | 1 Limesurvey | 1 Limesurvey | 2016-12-07 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter. | |||||
CVE-2015-4612 | 1 Faq-frequenty Asked Questions Project | 1 Faq-frequently Asked Questions | 2016-12-07 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-4676 | 1 Aftab | 1 Tickfa | 2016-12-07 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action. | |||||
CVE-2015-4611 | 1 Smoelenboek Project | 1 Smoelenboek | 2016-12-07 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-4613 | 1 Developer Log Project | 1 Developer Log | 2016-12-07 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-4678 | 1 Persian Car Cms Project | 1 Persian Car Cms | 2016-12-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. | |||||
CVE-2015-4713 | 1 Apphp | 1 Hotel Site | 2016-12-07 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | |||||
CVE-2015-4188 | 1 Cisco | 1 Prime Collaboration | 2016-12-07 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104. | |||||
CVE-2016-5048 | 1 Readydesk | 1 Readydesk | 2016-12-06 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field. | |||||
CVE-2016-1308 | 1 Samsung | 1 X14j Firmware | 2016-12-06 | 6.5 MEDIUM | 6.5 MEDIUM |
SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. | |||||
CVE-2015-4137 | 1 Milw0rm Project | 1 Milw0rm Clone Script | 2016-12-06 | 7.5 HIGH | N/A |
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. | |||||
CVE-2015-3993 | 1 Actian | 1 Matrix | 2016-12-06 | 6.5 MEDIUM | N/A |
Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. | |||||
CVE-2015-3346 | 1 Wikiwiki Project | 1 Wikiwiki | 2016-12-06 | 7.5 HIGH | N/A |
SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-3427 | 2 Debian, Quassel-irc | 2 Debian Linux, Quassel | 2016-12-06 | 7.5 HIGH | N/A |
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422. | |||||
CVE-2016-2950 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2016-2299 | 1 Ecava | 1 Integraxor | 2016-12-03 | 7.5 HIGH | 7.3 HIGH |
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-8604 | 1 Cacti | 1 Cacti | 2016-12-03 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | |||||
CVE-2015-8153 | 1 Symantec | 1 Endpoint Protection Manager | 2016-12-03 | 8.3 HIGH | 8.8 HIGH |
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-2956 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-2679 | 1 Genixcms | 1 Genixcms | 2016-12-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. | |||||