Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14960 | 1 Opentext | 1 Document Sciences Xpression | 2018-01-17 | 5.0 MEDIUM | 7.5 HIGH |
| xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection. | |||||
| CVE-2014-4914 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2018-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | |||||
| CVE-2017-17875 | 1 Jextn | 1 Jextn Faq Pro | 2018-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action. | |||||
| CVE-2017-17872 | 1 Jextn | 1 Jextn Video Gallery | 2018-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. | |||||
| CVE-2018-3811 | 1 Oturia | 1 Smart Google Code Inserter | 2018-01-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query. | |||||
| CVE-2017-1000444 | 1 Openhacker Project | 1 Openhacker | 2018-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution | |||||
| CVE-2015-3637 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2018-01-11 | 6.8 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. | |||||
| CVE-2017-17870 | 1 Jbuildozer | 1 Jbuildozer | 2018-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. | |||||
| CVE-2012-2576 | 1 Solarwinds | 3 Backup Profiler, Storage Manager, Storage Profiler | 2018-01-11 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | |||||
| CVE-2012-1784 | 1 Myjoblist | 1 Myjoblist | 2018-01-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php. | |||||
| CVE-2012-1557 | 1 Parallels | 1 Parallels Plesk Panel | 2018-01-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. | |||||
| CVE-2012-0293 | 1 Symantec | 1 Altiris Wise Package Studio | 2018-01-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-2640 | 1 Interlogy | 1 Profile Manager | 2018-01-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action. | |||||
| CVE-2017-17931 | 1 Resume Clone Script Project | 1 Resume Clone Script | 2018-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | |||||
| CVE-2017-17928 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | |||||
| CVE-2012-0036 | 1 Curl | 2 Curl, Libcurl | 2018-01-10 | 7.5 HIGH | N/A |
| curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. | |||||
| CVE-2011-4816 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2018-01-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-17983 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 6.5 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | |||||
| CVE-2017-17873 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2018-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | |||||
| CVE-2017-17941 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2018-01-09 | 6.5 MEDIUM | 7.2 HIGH |
| PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | |||||