Total: 11922 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6659 | 1 Drupal | 1 Drupal | 2016-12-24 | 7.5 HIGH | N/A |
SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | |||||
CVE-2016-2873 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2016-12-23 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2016-2355 | 1 Dotcms | 1 Dotcms | 2016-12-23 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | |||||
CVE-2016-1000217 | 1 Zotpress Project | 1 Zotpress | 2016-12-22 | 7.5 HIGH | 9.8 CRITICAL |
Zotpress plugin for WordPress SQLi in zp_get_account() | |||||
CVE-2016-1000122 | 1 Huge-it | 1 Slider | 2016-12-22 | 6.5 MEDIUM | 7.2 HIGH |
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||||
CVE-2016-1000120 | 1 Huge-it | 1 Catalog | 2016-12-22 | 6.5 MEDIUM | 7.2 HIGH |
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | |||||
CVE-2015-7235 | 1 Cp Reservation Calender Project | 1 Cp Reservation Calender | 2016-12-22 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. | |||||
CVE-2015-6962 | 1 Teiko | 1 Farol | 2016-12-22 | 7.5 HIGH | N/A |
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. | |||||
CVE-2015-6943 | 1 S9y | 1 Serendipity | 2016-12-22 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. | |||||
CVE-2015-6548 | 1 Symantec | 1 Web Gateway | 2016-12-22 | 5.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-6329 | 1 Cisco | 1 Prime Collaboration Provisioning | 2016-12-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. | |||||
CVE-2015-6331 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887. | |||||
CVE-2015-6522 | 1 Wpsymposium | 1 Wp Symposium | 2016-12-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. | |||||
CVE-2013-1434 | 1 Cacti | 1 Cacti | 2016-12-08 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2012-6625 | 1 Vasthtml | 1 Forumpress | 2016-12-08 | 7.5 HIGH | N/A |
SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action. | |||||
CVE-2012-0868 | 1 Postgresql | 1 Postgresql | 2016-12-08 | 6.8 MEDIUM | N/A |
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored. | |||||
CVE-2015-8769 | 1 Joomla | 1 Joomla! | 2016-12-07 | 7.5 HIGH | 7.3 HIGH |
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-8377 | 1 Cacti | 1 Cacti | 2016-12-07 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | |||||
CVE-2015-8369 | 1 Cacti | 1 Cacti | 2016-12-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | |||||
CVE-2015-6433 | 1 Cisco | 1 Unified Communications Manager | 2016-12-07 | 4.0 MEDIUM | 6.5 MEDIUM |
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. |