Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3937 | 1 Ajaydsouza | 1 Contextual Related Posts | 2014-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3935 | 1 Xoops | 1 Glossaire Module | 2014-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. | |||||
| CVE-2014-3934 | 1 Phpnuke | 2 Php-nuke, Submit News Module | 2014-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | |||||
| CVE-2014-3932 | 1 Cososys | 1 Endpoint Protector | 2014-06-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2013-4467 | 1 Vicidial | 1 Vicidial | 2014-05-20 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4970 | 1 Disk Pool Manager Project | 1 Disk Pool Manager | 2014-05-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function. | |||||
| CVE-2013-2226 | 1 Glpi-project | 1 Glpi | 2014-05-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php. | |||||
| CVE-2014-3246 | 1 O-dyn | 1 Collabtive | 2014-05-14 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php. | |||||
| CVE-2013-1803 | 1 Php-fusion | 1 Php-fusion | 2014-05-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375. | |||||
| CVE-2013-7369 | 1 F-secure | 3 Anti-virus, Email And Server Security, Server Security | 2014-04-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand. | |||||
| CVE-2014-2847 | 1 Construtiva | 1 Cis Manager Cms | 2014-04-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. | |||||
| CVE-2013-7355 | 1 Sap | 1 Bi Universal Data Integration | 2014-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | |||||
| CVE-2014-1645 | 1 Symantec | 1 Liveupdate Administrator | 2014-03-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-6172 | 1 Roundcube | 1 Webmail | 2014-03-26 | 7.5 HIGH | N/A |
| steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code. | |||||
| CVE-2013-5117 | 1 Zldnn | 1 Dnnarticle | 2014-03-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | |||||
| CVE-2014-2317 | 1 Opendocman | 1 Opendocman | 2014-03-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-1945 | 1 Opendocman | 1 Opendocman | 2014-03-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. | |||||
| CVE-2014-2211 | 1 Posh Project | 1 Posh | 2014-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. | |||||
| CVE-2014-2245 | 1 Cmsmadesimple | 1 Cms Made Simple | 2014-03-07 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-6930 | 1 Cybozu | 1 Garoon | 2014-02-21 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. | |||||