Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9226 | 1 Alegrocart | 1 Alegrocart | 2017-09-18 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. | |||||
| CVE-2015-6009 | 1 Refbase | 1 Refbase | 2017-09-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382. | |||||
| CVE-2015-7858 | 1 Joomla | 1 Joomla! | 2017-09-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | |||||
| CVE-2015-7857 | 1 Joomla | 1 Joomla! | 2017-09-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. | |||||
| CVE-2015-7297 | 1 Joomla | 1 Joomla! | 2017-09-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | |||||
| CVE-2015-5052 | 1 Sefrengo | 1 Sefrengo | 2017-09-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sefrengo before 1.6.5 beta2. | |||||
| CVE-2015-4627 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2017-09-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Pragyan CMS 3.0. | |||||
| CVE-2015-3314 | 1 Tune Library Project | 1 Tune Library | 2017-09-11 | 6.8 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | |||||
| CVE-2015-3313 | 1 Community Events Project | 1 Community Events | 2017-09-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in WordPress Community Events plugin before 1.4. | |||||
| CVE-2016-1914 | 1 Blackberry | 1 Blackberry Enterprise Service | 2017-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image. | |||||
| CVE-2015-8261 | 1 Ipswitch | 1 Whatsup Gold | 2017-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. | |||||
| CVE-2015-1513 | 1 Siphon | 1 Siphone Enterprise Pbx | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | |||||
| CVE-2015-1423 | 1 Jakweb | 1 Gecko Cms | 2017-09-08 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. | |||||
| CVE-2015-0580 | 1 Cisco | 1 Secure Access Control System | 2017-09-08 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. | |||||
| CVE-2014-9573 | 1 Mantisbt | 1 Mantisbt | 2017-09-08 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie. | |||||
| CVE-2014-9528 | 1 Humhub | 1 Humhub | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error. | |||||
| CVE-2014-9445 | 1 Installatron | 1 Gatequest File Manager | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | |||||
| CVE-2014-9440 | 1 Phpmyrecipes Project | 1 Phpmyrecipes | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2014-9348 | 1 Robotstats | 1 Robotstats | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php. | |||||
| CVE-2014-9347 | 1 Phpmyrecipes Project | 1 Phpmyrecipes | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter. | |||||
