Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7682 | 1 Genetechsolutions | 1 Pie Register | 2018-10-09 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php. | |||||
CVE-2015-8356 | 1 Bitrix Project | 1 Bitrix | 2018-10-09 | 6.0 MEDIUM | 8.0 HIGH |
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php. | |||||
CVE-2015-7319 | 1 Codepeople | 1 Appointment Booking Calendar | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username. | |||||
CVE-2015-7670 | 1 Support Ticket System Project | 1 Support Ticket System | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. | |||||
CVE-2015-5703 | 1 Open-xchange Ox Guard | 1 Open-xchange Ox Guard | 2018-10-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-6516 | 1 Cygnux | 1 Syspass | 2018-10-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php. | |||||
CVE-2015-5533 | 1 Count Per Day Project | 1 Count Per Day | 2018-10-09 | 6.5 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
CVE-2015-6910 | 1 Synology | 1 Video Station | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. | |||||
CVE-2015-4669 | 1 Xceedium | 1 Xsuite | 2018-10-09 | 7.2 HIGH | 7.8 HIGH |
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | |||||
CVE-2015-4109 | 1 Usersultra | 1 Usersultra | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php. | |||||
CVE-2015-6911 | 1 Synology | 1 Video Station | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. | |||||
CVE-2015-4118 | 1 Ispconfig | 1 Ispconfig | 2018-10-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2. | |||||
CVE-2015-4614 | 1 Easy2map Project | 1 Easy2map | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors. | |||||
CVE-2015-2843 | 1 Goautodial | 1 Goadmin Ce | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/. | |||||
CVE-2015-2314 | 1 Wpml | 1 Wpml | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. | |||||
CVE-2015-2237 | 1 Betster Project | 1 Betster | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php. | |||||
CVE-2015-2564 | 1 Projectsend | 1 Projectsend | 2018-10-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. | |||||
CVE-2015-2803 | 1 Akronymmanager Project | 1 Akronymmanager | 2018-10-09 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2015-2999 | 1 Sysaid | 1 Sysaid | 2018-10-09 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp. | |||||
CVE-2015-2102 | 1 Clip-bucket | 1 Clipbucket | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||||