Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-0304 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2018-01-08 | 5.5 MEDIUM | 5.4 MEDIUM |
A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. | |||||
CVE-2012-1777 | 1 F5 | 1 Firepass | 2018-01-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. | |||||
CVE-2011-4542 | 1 Hastymail | 1 Hastymail2 | 2018-01-05 | 7.5 HIGH | N/A |
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI. | |||||
CVE-2012-0226 | 1 Invensys | 1 Wonderware Information Server | 2018-01-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-17645 | 1 Phpautoclassifiedscript | 1 Bus Booking Script | 2018-01-05 | 7.5 HIGH | 9.8 CRITICAL |
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. | |||||
CVE-2012-0234 | 1 Advantech | 1 Advantech Webaccess | 2018-01-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. | |||||
CVE-2011-4521 | 1 Advantech | 1 Advantech Webaccess | 2018-01-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. | |||||
CVE-2012-0244 | 1 Advantech | 1 Advantech Webaccess | 2018-01-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. | |||||
CVE-2017-16735 | 1 Ecava | 1 Integraxor | 2018-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. | |||||
CVE-2017-16733 | 1 Ecava | 1 Integraxor | 2018-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. | |||||
CVE-2017-17731 | 1 Dedecms | 1 Dedecms | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | |||||
CVE-2017-17730 | 1 Dedecms | 1 Dedecms | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | |||||
CVE-2017-17713 | 1 Boxug | 1 Trape | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | |||||
CVE-2017-1757 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 6.5 MEDIUM | 8.8 HIGH |
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | |||||
CVE-2017-17822 | 1 Piwigo | 1 Piwigo | 2018-01-03 | 4.0 MEDIUM | 4.9 MEDIUM |
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | |||||
CVE-2017-17823 | 1 Piwigo | 1 Piwigo | 2018-01-03 | 4.0 MEDIUM | 4.9 MEDIUM |
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | |||||
CVE-2017-17824 | 1 Piwigo | 1 Piwigo | 2018-01-03 | 4.0 MEDIUM | 4.9 MEDIUM |
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. | |||||
CVE-2017-17779 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2018-01-03 | 7.5 HIGH | 9.8 CRITICAL |
Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | |||||
CVE-2017-17829 | 1 Doditsolutions | 1 Bus Booking Script | 2018-01-03 | 6.5 MEDIUM | 7.2 HIGH |
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. | |||||
CVE-2017-15875 | 1 Sistemagpweb | 1 Gpweb | 2018-01-02 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. |