Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5766 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-28 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560. | |||||
| CVE-2012-5701 | 1 Dotproject | 1 Dotproject | 2017-08-28 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2012-5861 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php. | |||||
| CVE-2012-6290 | 1 Imagecms | 1 Imagecms | 2017-08-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | |||||
| CVE-2012-5894 | 1 Havalite | 1 Cms | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. | |||||
| CVE-2012-6519 | 1 Diy-cms | 1 Diy-cms | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php. | |||||
| CVE-2012-6520 | 1 Wikidforum | 1 Wikidforum | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties. | |||||
| CVE-2012-6524 | 1 Powie | 1 Pgb | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-6577 | 2 Typo3, Typoheads | 2 Typo3, Formhandler | 2017-08-28 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-6643 | 1 Clip-bucket | 1 Clipbucket | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4261 | 1 Hccgmbh | 1 Mycare2x | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter. | |||||
| CVE-2012-4061 | 1 Asp-dev | 1 Xm Diary | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp. | |||||
| CVE-2012-4060 | 1 Asp-dev | 1 Xm Forums | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp. | |||||
| CVE-2012-4056 | 1 Uiga | 1 Personal Portal | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2012-4232 | 1 Jcore | 1 Jcore | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. | |||||
| CVE-2012-4178 | 1 Symantec | 1 Web Gateway | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter. | |||||
| CVE-2012-4240 | 1 Group-office | 1 Groupoffice | 2017-08-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2012-4034 | 1 Pbboard | 1 Pbboard | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php. | |||||
| CVE-2012-4260 | 1 Hccgmbh | 1 Mycare2x | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keyword parameter in a Suchen action to modules/drg/mycare2x_proc_search.php; or (7) name_last or (8) pid parameter to modules/patient/mycare_pid.php. | |||||
| CVE-2012-4281 | 1 Itechscripts | 1 Travelon Express | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php. | |||||