Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4967 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2015-10-06 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4960 | 1 Joomlaboat | 1 Com Youtubegallery | 2015-10-06 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php. | |||||
| CVE-2014-5102 | 1 Vbulletin | 1 Vbulletin | 2015-10-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. | |||||
| CVE-2014-4858 | 1 Sabreairlinesolutions | 5 Crew Management, Crew Operations, Crew Planning and 2 more | 2015-10-06 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. | |||||
| CVE-2015-0684 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | |||||
| CVE-2014-3871 | 1 Geodesicsolutions | 1 Geocore Max | 2015-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823. | |||||
| CVE-2015-7382 | 1 Refbase | 1 Refbase | 2015-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009. | |||||
| CVE-2015-6829 | 1 Ciphercoin | 1 Wp Limit Login Attempts | 2015-09-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header. | |||||
| CVE-2014-3275 | 1 Cisco | 1 Identity Services Engine Software | 2015-09-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337. | |||||
| CVE-2014-0734 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483. | |||||
| CVE-2014-0726 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. | |||||
| CVE-2014-0727 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. | |||||
| CVE-2015-6915 | 1 Montala | 1 Resourcespace | 2015-09-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php. | |||||
| CVE-2015-0715 | 1 Cisco | 1 Unity Connection | 2015-09-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. | |||||
| CVE-2014-5383 | 1 Alienvault | 1 Open Source Security Information Management | 2015-09-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5201 | 1 Gallery Objects Project | 1 Gallery Objects | 2015-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-4194 | 1 Aas9 | 1 Zerocms | 2015-09-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action. | |||||
| CVE-2006-3823 | 1 Geodesicsolutions | 2 Geoauctions Premier, Geoclassifieds Basic | 2015-09-01 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter. | |||||
| CVE-2014-3996 | 1 Manageengine | 3 Desktop Central, It360, Password Manager Pro | 2015-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat. | |||||
| CVE-2015-6519 | 1 Arabportal | 1 Arab Portal | 2015-08-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php. | |||||