Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3000 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Analytics, Big-ip Application Security Manager and 7 more | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. | ||||
| CVE-2012-3469 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php. | ||||
| CVE-2012-3951 | 1 Sonicwall | 1 Scrutinizer | 2025-04-11 | N/A |
| The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session. | ||||
| CVE-2012-6507 | 1 Jason Sexauer | 1 Churchcms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action. | ||||
| CVE-2012-6516 | 1 Shawn Bradley | 1 Php Ticket System | 2025-04-11 | N/A |
| SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php. | ||||
| CVE-2012-6519 | 1 Diy-cms | 1 Diy-cms | 2025-04-11 | N/A |
| SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php. | ||||
| CVE-2012-6520 | 1 Wikidforum | 1 Wikidforum | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties. | ||||
| CVE-2012-6524 | 1 Powie | 1 Pgb | 2025-04-11 | N/A |
| SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2012-6525 | 1 Phpbridges Dev Team | 1 Phpbridges | 2025-04-11 | N/A |
| SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2012-6529 | 1 Marinet | 1 Marinet Cms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php. | ||||
| CVE-2012-6588 | 1 Myrephp | 1 Myre Business Directory | 2025-04-11 | N/A |
| SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2012-6626 | 1 Brian Cabunac | 1 Browser To Email Phone Message System | 2025-04-11 | N/A |
| SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | ||||
| CVE-2012-6625 | 1 Vasthtml | 1 Forumpress | 2025-04-11 | N/A |
| SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action. | ||||
| CVE-2010-4865 | 2 Harmistechnology, Joomla | 2 Com Jeguestbook, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. | ||||
| CVE-2010-4869 | 1 Drbenhur | 1 Dbhcms | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter. | ||||
| CVE-2013-3033 | 1 Ibm | 1 Tivoli Remote Control | 2025-04-11 | N/A |
| SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-3510 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component. | ||||
| CVE-2013-3527 | 1 Vanillaforums | 1 Vanilla | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest. | ||||
| CVE-2013-4745 | 2 Kurt Gusbeth, Typo3 | 2 Myquizpoll, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-6417 | 2 Redhat, Rubyonrails | 5 Cloudforms Managementengine, Openstack, Rhel Software Collections and 2 more | 2025-04-11 | N/A |
| actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155. | ||||