Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6931 | 1 Cybozu | 1 Garoon | 2014-02-21 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. | |||||
| CVE-2013-4662 | 1 Civicrm | 1 Civicrm | 2014-02-21 | 6.5 MEDIUM | N/A |
| The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick. | |||||
| CVE-2013-5012 | 1 Symantec | 1 Web Gateway | 2014-02-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-1852 | 1 Kolja Schleich | 1 Leaguemanager | 2014-02-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php. | |||||
| CVE-2013-1617 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2014-01-17 | 7.4 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-7139 | 1 Cynthia Fridsma | 1 Horizon Quick Content Management System | 2014-01-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2013-7225 | 1 Fatfreecrm | 1 Fat Free Crm | 2014-01-03 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature. | |||||
| CVE-2013-6001 | 1 Cybozu | 1 Garoon | 2014-01-03 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-6929 | 1 Cybozu | 1 Garoon | 2013-12-30 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | |||||
| CVE-2013-6787 | 1 Chamilo | 1 Chamilo Lms | 2013-12-27 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter. | |||||
| CVE-2013-2627 | 1 Idleman | 1 Leed | 2013-12-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action. | |||||
| CVE-2013-6839 | 1 Instantsoft | 1 Instantcms | 2013-12-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id]. | |||||
| CVE-2013-6985 | 1 Enorth | 1 Webpublisher Cms | 2013-12-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter. | |||||
| CVE-2013-6875 | 1 Nagios | 1 Nagios Xi | 2013-11-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php. | |||||
| CVE-2013-5694 | 1 Opsview | 1 Opsview | 2013-11-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter. | |||||
| CVE-2013-4715 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2013-11-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-5517 | 1 Cisco | 1 Unified Communications Domain Manager | 2013-10-17 | 5.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567. | |||||
| CVE-2013-5931 | 1 Real-estate-php-script | 1 Real Estate Php Script | 2013-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | |||||
| CVE-2013-4137 | 1 Status | 1 Statusnet | 2013-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format." | |||||
| CVE-2013-4682 | 2 Bas Van Beek, Typo3 | 2 Multishop, Typo3 | 2013-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||