Total
11922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1393 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2016-11-28 | 6.5 MEDIUM | 7.1 HIGH |
| SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | |||||
| CVE-2016-0249 | 1 Ibm | 1 Security Guardium | 2016-11-28 | 7.5 HIGH | 8.6 HIGH |
| SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-7695 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. | |||||
| CVE-2015-5452 | 1 Watchguard | 1 Xcs | 2016-11-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3. | |||||
| CVE-2015-5049 | 1 Ibm | 1 Openpages Grc Platform | 2016-11-28 | 6.5 MEDIUM | 5.4 MEDIUM |
| SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-4160 | 1 Sap | 1 Ase Database Platform | 2016-11-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | |||||
| CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2016-11-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | |||||
| CVE-2015-4129 | 1 Intelliants | 1 Subrion Cms | 2016-11-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie. | |||||
| CVE-2006-6402 | 1 Mystats | 1 Mystats | 2016-11-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter. | |||||
| CVE-2005-3543 | 1 Phorum | 1 Phorum | 2016-10-18 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. | |||||
| CVE-2005-3046 | 1 Phpmyfaq | 1 Phpmyfaq | 2016-10-18 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field. | |||||
| CVE-2005-2983 | 1 Oracle | 1 Reports | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | |||||
| CVE-2013-3437 | 1 Cisco | 1 Unified Operations Manager | 2016-09-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179. | |||||
| CVE-2014-3287 | 1 Cisco | 1 Unified Communications Manager | 2016-09-07 | 4.0 MEDIUM | N/A |
| SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337. | |||||
| CVE-2016-5817 | 1 Navis | 1 Webaccess | 2016-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-1875 | 1 Palosanto | 1 Elastix | 2016-08-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter. | |||||
| CVE-2016-0224 | 1 Ibm | 1 Marketing Platform | 2016-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-0233 | 1 Ibm | 1 Marketing Platform | 2016-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-2174 | 1 Apache | 1 Ranger | 2016-06-14 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | |||||
| CVE-2015-4426 | 1 Pimcore | 1 Pimcore | 2016-06-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. | |||||