Total
19021 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-1054 | 1 Parscms | 1 Parscms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp. | ||||
| CVE-2010-0139 | 1 Cisco | 1 Unified Meetingplace | 2025-04-11 | N/A |
| Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691. | ||||
| CVE-2013-6983 | 1 Cisco | 1 Unified Presence Server | 2025-04-11 | N/A |
| SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. | ||||
| CVE-2013-3033 | 1 Ibm | 1 Tivoli Remote Control | 2025-04-11 | N/A |
| SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-0115 | 1 Symantec | 2 Web Gateway, Web Gateway Appliance | 2025-04-11 | N/A |
| SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. | ||||
| CVE-2013-6869 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-5967 | 1 Merethis | 1 Centreon | 2025-04-11 | N/A |
| SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. | ||||
| CVE-2009-4982 | 1 Irokez | 1 Irokez Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI. | ||||
| CVE-2009-5003 | 1 E-soft24 | 1 Banner Exchange Script | 2025-04-11 | N/A |
| SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. | ||||
| CVE-2012-5900 | 1 Samedia | 1 Landshop | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php. | ||||
| CVE-2010-2335 | 1 Yamamah | 1 Yamamah | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter. | ||||
| CVE-2011-3130 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection. | ||||
| CVE-2013-6417 | 2 Redhat, Rubyonrails | 5 Cloudforms Managementengine, Openstack, Rhel Software Collections and 2 more | 2025-04-11 | N/A |
| actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155. | ||||
| CVE-2013-6341 | 1 Dokeos | 1 Dokeos | 2025-04-11 | N/A |
| SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php. | ||||
| CVE-2011-2467 | 1 Likewise | 1 Likewise Open | 2025-04-11 | N/A |
| SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-6321 | 1 Ibm | 4 Atlas Ediscovery Process Management, Atlas Suite, Disposal And Governance Management For It and 1 more | 2025-04-11 | N/A |
| SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-6243 | 1 Landing Pages Project | 1 Landing Pages Plugin | 2025-04-11 | N/A |
| SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to index.php. | ||||
| CVE-2013-6164 | 1 Projeqtor | 1 Projeqtor | 2025-04-11 | N/A |
| SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter. | ||||
| CVE-2013-6058 | 1 Apprain | 1 Apprain | 2025-04-11 | N/A |
| SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/. | ||||
| CVE-2013-5967 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/. | ||||