Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1000125 | 1 Huge-it | 1 Huge-it Catalog | 2017-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | |||||
| CVE-2016-1000124 | 1 Huge-it | 1 Portfolio Gallery | 2017-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 | |||||
| CVE-2017-14076 | 1 Nexusphp | 1 Nexusphp | 2017-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. | |||||
| CVE-2016-8582 | 1 Alienvault | 2 Open Source Security Information And Event Management, Unified Security Management | 2017-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE. | |||||
| CVE-2016-8025 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-02 | 6.0 MEDIUM | 6.2 MEDIUM |
| SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | |||||
| CVE-2015-2866 | 1 Grandstream | 2 Gxv3611 Hd, Gxv3611 Hd Firmware | 2017-09-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. | |||||
| CVE-2017-10839 | 1 Seopanel | 1 Seo Panel | 2017-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-5742 | 1 Sixapart | 2 Movable Type, Movable Type Open Source | 2017-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1446 | 1 Cisco | 1 Webex Meetings Server | 2017-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200. | |||||
| CVE-2017-5344 | 1 Dotcms | 1 Dotcms | 2017-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. | |||||
| CVE-2014-9558 | 1 Smartcms | 1 Smartcms | 2017-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in SmartCMS v.2. | |||||
| CVE-2017-11475 | 1 Glpi-project | 1 Glpi | 2017-08-29 | 6.5 MEDIUM | 8.8 HIGH |
| GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | |||||
| CVE-2014-4824 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-08-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4424 | 1 Apple | 1 Os X Server | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-1619 | 1 Cubicfactory | 1 Cubic Cms | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario. | |||||
| CVE-2014-2008 | 1 Mpay24 Project | 1 Mpay24 | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | |||||
| CVE-2014-1597 | 1 I-doit | 1 I-doit | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI. | |||||
| CVE-2014-1466 | 1 Csp Mysql User Manager Project | 1 Csp Mysql User Manager | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. | |||||
| CVE-2014-1618 | 1 Uaepd | 1 Shopping Cart Script | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php. | |||||
| CVE-2014-2238 | 1 Mantisbt | 1 Mantisbt | 2017-08-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter. | |||||