Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3810 | 1 Boonex | 1 Dolphin | 2018-10-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333. | |||||
CVE-2014-3857 | 1 Kerio | 1 Control | 2018-10-09 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php. | |||||
CVE-2014-3749 | 1 Construtiva | 1 Cis Manager Cms | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp. | |||||
CVE-2014-3759 | 1 Karlen Walter | 1 Si Bibtex | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality. | |||||
CVE-2014-3783 | 1 Dotclear | 1 Dotclear | 2018-10-09 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter. | |||||
CVE-2014-2540 | 1 Orbitscripts | 1 Orbit Open Ad Server | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory. | |||||
CVE-2014-3210 | 2 Dotonpaper, Wordpress | 2 Booking System, Wordpress | 2018-10-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php. | |||||
CVE-2014-2303 | 1 Webedition | 1 Webedition Cms | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter. | |||||
CVE-2014-1854 | 1 Adrotateplugin | 1 Adrotate | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter. | |||||
CVE-2014-2737 | 1 Knowledgetree | 1 Knowledgetree | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function. | |||||
CVE-2014-2043 | 1 Procentia | 1 Intellipen | 2018-10-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter. | |||||
CVE-2014-2654 | 1 Mobfox | 1 Madserve | 2018-10-09 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/. | |||||
CVE-2014-2531 | 1 Interworx | 1 Web Control Panel | 2018-10-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx, (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object. | |||||
CVE-2014-1459 | 1 Doorgets | 1 Doorgets Cms | 2018-10-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
CVE-2014-1455 | 1 Pearson | 1 Esis Enterprise Student Information System | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new password. | |||||
CVE-2014-1401 | 1 Auracms | 1 Auracms | 2018-10-09 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php. | |||||
CVE-2014-100011 | 1 Sendy | 1 Sendy | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
CVE-2014-1206 | 1 Openwebanalytics | 1 Open Web Analytics | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php. | |||||
CVE-2013-7219 | 1 2glux | 1 Com Sexypolling | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter. | |||||
CVE-2011-4672 | 1 Valid | 1 Tiny-erp | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php. | |||||