Total
11922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2035 | 1 Piwigo | 1 Piwigo | 2016-11-30 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php. | |||||
| CVE-2015-1000011 | 1 Dukapress Project | 1 Dukapress | 2016-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| Blind SQL Injection in wordpress plugin dukapress v2.5.9 | |||||
| CVE-2016-8906 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-8905 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2016-8904 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-8903 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-8902 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2016-8907 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-8908 | 1 Dotcms | 1 Dotcms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2016-9134 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | |||||
| CVE-2016-9135 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | |||||
| CVE-2016-9184 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure. | |||||
| CVE-2016-9272 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | |||||
| CVE-2016-9242 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | |||||
| CVE-2016-9287 | 1 Exponentcms | 1 Exponent Cms | 2016-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection. | |||||
| CVE-2016-6419 | 1 Cisco | 1 Firepower Management Center | 2016-11-28 | 6.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | |||||
| CVE-2016-5843 | 1 Otrs | 1 Faq | 2016-11-28 | 9.0 HIGH | 9.4 CRITICAL |
| Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters. | |||||
| CVE-2016-5792 | 1 Moxa | 1 Softcms | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. | |||||
| CVE-2016-5653 | 1 Misys | 1 Fusioncapital Opics Plus | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. | |||||
| CVE-2016-4522 | 1 Rockwellautomation | 1 Factorytalk Energrymetrix | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||