Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9560 | 1 Softbb | 1 Softbb | 2015-01-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||||
| CVE-2014-100035 | 1 Licensepal | 1 Arcticdesk | 2015-01-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-100012 | 1 Sendy | 1 Sendy | 2015-01-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||||
| CVE-2014-10015 | 1 Phpjabbers | 1 Event Booking Calendar | 2015-01-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2014-4644 | 1 Cacti | 1 Superlinks | 2015-01-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2015-0919 | 1 Sefrengo | 1 Sefrengo | 2015-01-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. | |||||
| CVE-2014-9455 | 1 Cts Projects\&software | 1 Classad | 2015-01-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2014-9450 | 1 Zabbix | 1 Zabbix | 2015-01-06 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. | |||||
| CVE-2014-9457 | 1 Pmb Services | 1 Pmb | 2015-01-05 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. | |||||
| CVE-2014-9442 | 1 Reality66 | 1 Cart66 Lite | 2015-01-05 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-9435 | 1 Absolutengine | 1 Absolut Engine | 2015-01-05 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php. | |||||
| CVE-2014-9464 | 1 Microweber | 1 Microweber | 2015-01-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. | |||||
| CVE-2010-5317 | 1 Basic-cms | 1 Sweetrice | 2015-01-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action. | |||||
| CVE-2014-9254 | 1 Minibb | 1 Minibb | 2015-01-03 | 7.5 HIGH | N/A |
| bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php. | |||||
| CVE-2011-5286 | 1 Social Slider Project | 1 Social Slider | 2015-01-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. | |||||
| CVE-2011-5313 | 1 Redaxscript | 1 Redaxscript | 2015-01-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. | |||||
| CVE-2014-9115 | 1 Piwigo | 1 Piwigo | 2014-12-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit. | |||||
| CVE-2014-8306 | 1 C97 | 1 Cart Engine | 2014-12-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter. | |||||
| CVE-2012-5694 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2014-12-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/. | |||||
| CVE-2014-9345 | 1 Guruperl | 1 Advertise With Pleasure\! | 2014-12-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi. | |||||