Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4743 | 2 Eos.pe, Zeroboard | 2 Siche Search Module, Zeroboard | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters. | |||||
| CVE-2012-4282 | 1 Toocharger | 1 Trombinoscope | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-4281 | 1 Itechscripts | 1 Travelon Express | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php. | |||||
| CVE-2012-4261 | 1 Hccgmbh | 1 Mycare2x | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter. | |||||
| CVE-2012-4260 | 1 Hccgmbh | 1 Mycare2x | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keyword parameter in a Suchen action to modules/drg/mycare2x_proc_search.php; or (7) name_last or (8) pid parameter to modules/patient/mycare_pid.php. | |||||
| CVE-2012-4240 | 1 Group-office | 1 Groupoffice | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2012-4232 | 1 Jcore | 1 Jcore | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. | |||||
| CVE-2012-4178 | 1 Symantec | 1 Web Gateway | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter. | |||||
| CVE-2012-4061 | 1 Asp-dev | 1 Xm Diary | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp. | |||||
| CVE-2012-4060 | 1 Asp-dev | 1 Xm Forums | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp. | |||||
| CVE-2012-4056 | 1 Uiga | 1 Personal Portal | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2012-4055 | 1 Uiga | 1 Fan Club | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2012-3953 | 1 Phplist | 1 Phplist | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | |||||
| CVE-2012-3839 | 1 Myclientbase | 1 Myclientbase | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search. | |||||
| CVE-2012-3834 | 1 Alienvault | 1 Open Source Security Information Management | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter. | |||||
| CVE-2012-3820 | 1 Arialsoftware | 1 Campaign Enterprise | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp. | |||||
| CVE-2012-3791 | 1 Cms-center | 1 Simple Web Content Management System | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php. | |||||
| CVE-2012-3435 | 1 Zabbix | 1 Zabbix | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | |||||
| CVE-2012-3000 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Analytics, Big-ip Application Security Manager and 7 more | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. | |||||
| CVE-2012-2956 | 1 Spiceworks | 1 Spiceworks | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS. | |||||