Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8355 | 1 Orion-soft | 1 Bitrix | 2018-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php. | |||||
| CVE-2015-7682 | 1 Genetechsolutions | 1 Pie Register | 2018-10-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php. | |||||
| CVE-2015-7670 | 1 Support Ticket System Project | 1 Support Ticket System | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. | |||||
| CVE-2015-7319 | 1 Codepeople | 1 Appointment Booking Calendar | 2018-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username. | |||||
| CVE-2015-6911 | 1 Synology | 1 Video Station | 2018-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. | |||||
| CVE-2015-6910 | 1 Synology | 1 Video Station | 2018-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. | |||||
| CVE-2015-6516 | 1 Cygnux | 1 Syspass | 2018-10-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php. | |||||
| CVE-2015-5703 | 1 Open-xchange Ox Guard | 1 Open-xchange Ox Guard | 2018-10-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-5533 | 1 Count Per Day Project | 1 Count Per Day | 2018-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2015-4669 | 1 Xceedium | 1 Xsuite | 2018-10-09 | 7.2 HIGH | 7.8 HIGH |
| The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | |||||
| CVE-2015-4614 | 1 Easy2map Project | 1 Easy2map | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors. | |||||
| CVE-2015-4118 | 1 Ispconfig | 1 Ispconfig | 2018-10-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2. | |||||
| CVE-2015-4109 | 1 Usersultra | 1 Usersultra | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-2999 | 1 Sysaid | 1 Sysaid | 2018-10-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp. | |||||
| CVE-2015-2843 | 1 Goautodial | 1 Goadmin Ce | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/. | |||||
| CVE-2015-2824 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php. | |||||
| CVE-2015-2803 | 1 Akronymmanager Project | 1 Akronymmanager | 2018-10-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2015-2564 | 1 Projectsend | 1 Projectsend | 2018-10-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. | |||||
| CVE-2015-2314 | 1 Wpml | 1 Wpml | 2018-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. | |||||
| CVE-2015-2237 | 1 Betster Project | 1 Betster | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php. | |||||