Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-5180 | 1 Hdwplayer | 1 Hdw-player-video-player-video-gallery | 2014-08-07 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php. | |||||
CVE-2014-5089 | 1 Status2k | 1 Status2k | 2014-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | |||||
CVE-2014-5104 | 1 Ol-commerce Project | 1 Ol-commerce | 2014-07-29 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php. | |||||
CVE-2014-5017 | 1 Limesurvey | 1 Limesurvey | 2014-07-22 | 7.5 HIGH | N/A |
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter. | |||||
CVE-2014-4939 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2014-07-14 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. | |||||
CVE-2014-4944 | 1 Bannersky | 1 Bsk Pdf Manager | 2014-07-14 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php. | |||||
CVE-2014-4013 | 1 Arubanetworks | 1 Clearpass | 2014-07-14 | 4.9 MEDIUM | N/A |
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-4938 | 1 Wp Rss Poster Plugin Project | 1 Wp-rss-poster | 2014-07-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php. | |||||
CVE-2014-4852 | 1 Thedigitalcraft | 1 Atomcms | 2014-07-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2014-4850 | 1 Foecms | 1 Foecms | 2014-07-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||||
CVE-2014-4741 | 1 Artifectx | 1 Xclassified | 2014-07-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2014-2934 | 1 Caldera | 1 Caldera | 2014-07-01 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. | |||||
CVE-2014-4649 | 1 Piwigo | 1 Piwigo | 2014-06-30 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. | |||||
CVE-2014-2948 | 1 Bizagi | 1 Business Process Management Suite | 2014-06-27 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | |||||
CVE-2014-4307 | 1 Webtitan | 1 Webtitan | 2014-06-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. | |||||
CVE-2014-4305 | 1 Nice | 1 Recording Express | 2014-06-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-3962 | 1 Videos Tube Project | 1 Videos Tube | 2014-06-18 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. | |||||
CVE-2013-5354 | 1 Sharetronix | 1 Sharetronix | 2014-06-18 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup. | |||||
CVE-2014-3973 | 1 Frontaccounting | 1 Frontaccounting | 2014-06-06 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-2655 | 1 Postfix Admin Project | 1 Postfix Admin | 2014-06-05 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias. |