Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7517 | 1 Labwebdesigns | 1 Double Opt-in For Download | 2017-09-07 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. | |||||
| CVE-2017-14069 | 1 Nexusphp | 1 Nexusphp | 2017-09-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. | |||||
| CVE-2017-14145 | 1 Helpdezk | 1 Helpdezk | 2017-09-06 | 7.5 HIGH | 9.8 CRITICAL |
| HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. | |||||
| CVE-2016-10509 | 1 Opencart | 1 Opencart | 2017-09-06 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php. | |||||
| CVE-2017-14076 | 1 Nexusphp | 1 Nexusphp | 2017-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. | |||||
| CVE-2016-8582 | 1 Alienvault | 2 Open Source Security Information And Event Management, Unified Security Management | 2017-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE. | |||||
| CVE-2016-8025 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 6.0 MEDIUM | 6.2 MEDIUM |
| SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | |||||
| CVE-2015-2866 | 1 Grandstream | 2 Gxv3611 Hd, Gxv3611 Hd Firmware | 2017-09-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. | |||||
| CVE-2017-10839 | 1 Seopanel | 1 Seo Panel | 2017-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-5344 | 1 Dotcms | 1 Dotcms | 2017-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. | |||||
| CVE-2016-5742 | 1 Sixapart | 2 Movable Type, Movable Type Open Source | 2017-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1446 | 1 Cisco | 1 Webex Meetings Server | 2017-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200. | |||||
| CVE-2014-9558 | 1 Smartcms | 1 Smartcms | 2017-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in SmartCMS v.2. | |||||
| CVE-2017-11475 | 1 Glpi-project | 1 Glpi | 2017-08-29 | 6.5 MEDIUM | 8.8 HIGH |
| GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | |||||
| CVE-2014-4824 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4424 | 1 Apple | 1 Os X Server | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4313 | 1 Epicor | 1 Epicor Procurement | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field. | |||||
| CVE-2014-4034 | 1 Aas9 | 1 Zerocms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
| CVE-2014-3446 | 1 Bss | 1 Continuity Cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter. | |||||
| CVE-2014-3366 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | |||||