Export limit exceeded: 24693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5653 | 1 Misys | 1 Fusioncapital Opics Plus | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. | ||||
| CVE-2016-4507 | 1 Bosch | 1 Bladecontrol-webvis | 2025-04-12 | 6.4 Medium |
| SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-7448 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2025-04-12 | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-4970 | 1 Disk Pool Manager Project | 1 Disk Pool Manager | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function. | ||||
| CVE-2011-5272 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | N/A |
| SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers. | ||||
| CVE-2011-5286 | 1 Social Slider Project | 1 Social Slider | 2025-04-12 | N/A |
| SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. | ||||
| CVE-2011-5313 | 1 Redaxscript | 1 Redaxscript | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. | ||||
| CVE-2014-5249 | 1 Biblio Autocomplete Project | 1 Biblio Autocomplete | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-2563 | 1 Vastal | 1 Phpvid | 2025-04-12 | N/A |
| SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157. | ||||
| CVE-2014-5201 | 1 Gallery Objects Project | 1 Gallery Objects | 2025-04-12 | N/A |
| SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php. | ||||
| CVE-2014-5200 | 1 Fb Gorilla Project | 1 Fb Gorilla | 2025-04-12 | N/A |
| SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2015-2564 | 1 Projectsend | 1 Projectsend | 2025-04-12 | N/A |
| SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. | ||||
| CVE-2015-2213 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. | ||||
| CVE-2012-6654 | 1 Zpanelcp | 1 Zpanel | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a different vulnerability than CVE-2012-5685. | ||||
| CVE-2014-3339 | 1 Cisco | 2 Unified Communications Domain Manager, Unified Presence Server | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. | ||||
| CVE-2013-0735 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | ||||
| CVE-2013-1408 | 1 Wysija Newsletters Project | 1 Wysija Newsletters | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | ||||
| CVE-2012-5849 | 1 Clip-bucket | 1 Clipbucket | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php. | ||||
| CVE-2014-3382 | 1 Cisco | 1 Asa | 2025-04-12 | N/A |
| The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. | ||||
| CVE-2014-6239 | 1 Address Visualization With Google Maps Project | 1 Address Visualization With Google Maps | 2025-04-12 | N/A |
| SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||