Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4137 | 1 Milw0rm Project | 1 Milw0rm Clone Script | 2016-12-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. | |||||
| CVE-2015-3993 | 1 Actian | 1 Matrix | 2016-12-05 | 6.5 MEDIUM | N/A |
| Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. | |||||
| CVE-2015-3346 | 1 Wikiwiki Project | 1 Wikiwiki | 2016-12-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-3427 | 2 Debian, Quassel-irc | 2 Debian Linux, Quassel | 2016-12-05 | 7.5 HIGH | N/A |
| Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422. | |||||
| CVE-2016-2950 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-2299 | 1 Ecava | 1 Integraxor | 2016-12-02 | 7.5 HIGH | 7.3 HIGH |
| SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-8153 | 1 Symantec | 1 Endpoint Protection Manager | 2016-12-02 | 8.3 HIGH | 8.8 HIGH |
| SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-8604 | 1 Cacti | 1 Cacti | 2016-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | |||||
| CVE-2015-2956 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-2679 | 1 Genixcms | 1 Genixcms | 2016-12-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. | |||||
| CVE-2015-2562 | 1 Web-dorado | 1 Ecommerce Wd | 2016-12-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. | |||||
| CVE-2015-2216 | 1 Photocati Media | 1 Photocrati | 2016-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. | |||||
| CVE-2015-2292 | 1 Yoast | 1 Wordpress Seo | 2016-12-02 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2016-7453 | 1 Exponentcms | 1 Exponent Cms | 2016-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | |||||
| CVE-2016-7919 | 1 Moodle | 1 Moodle | 2016-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields." | |||||
| CVE-2016-3659 | 1 Cacti | 1 Cacti | 2016-11-30 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | |||||
| CVE-2016-3172 | 1 Cacti | 1 Cacti | 2016-11-30 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | |||||
| CVE-2016-1437 | 1 Cisco | 1 Prime Collaboration Deployment | 2016-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | |||||
| CVE-2015-2090 | 1 Sympies | 1 Wordpress Survey And Poll | 2016-11-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-2065 | 1 Apptha | 1 Wordpress Video Gallery | 2016-11-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php. | |||||