Total: 11922 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8999 | 1 Xoops | 1 Xoops | 2014-11-24 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | |||||
CVE-2014-8663 | 1 Sap | 1 Netweaver Business Warehouse | 2014-11-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-6030 | 1 Classapps | 1 Selectsurvey.net | 2014-11-06 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. | |||||
CVE-2014-5520 | 1 Xrms Crm Project | 1 Xrms Crm | 2014-10-31 | 7.5 HIGH | N/A |
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php. | |||||
CVE-2014-8363 | 1 Wordpress Spreadsheet Project | 1 Wordpress Spreadsheet | 2014-10-25 | 7.5 HIGH | N/A |
SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |||||
CVE-2014-3978 | 1 Tomatocart | 1 Tomatocart | 2014-10-24 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact. | |||||
CVE-2014-7201 | 1 Kevin Renskers | 1 Dmmjobcontrol | 2014-10-22 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/. | |||||
CVE-2014-8294 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2014-10-22 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password. | |||||
CVE-2014-8295 | 1 Bacula | 1 Bacula-web | 2014-10-22 | 7.5 HIGH | N/A |
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | |||||
CVE-2014-3382 | 1 Cisco | 1 Asa | 2014-10-12 | 7.8 HIGH | N/A |
The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. | |||||
CVE-2014-7981 | 1 Joomla | 1 Joomla! | 2014-10-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-5308 | 1 Testlink | 1 Testlink | 2014-10-09 | 9.0 HIGH | N/A |
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php. | |||||
CVE-2014-5503 | 1 Cyberoam | 1 Cyberoam Os | 2014-10-08 | 10.0 HIGH | N/A |
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode. | |||||
CVE-2014-6295 | 1 Wec Map Project | 1 Wec Map | 2014-10-06 | 7.5 HIGH | N/A |
SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-6293 | 1 Kennziffer | 1 Statistics | 2014-10-06 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. | |||||
CVE-2012-0811 | 1 Postfix | 1 Postfix | 2014-10-02 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | |||||
CVE-2014-7153 | 1 Huge-it | 1 Image Gallery | 2014-09-22 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. | |||||
CVE-2014-2376 | 1 Ecava | 1 Integraxor | 2014-09-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-6239 | 1 Address Visualization With Google Maps Project | 1 Address Visualization With Google Maps | 2014-09-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-3904 | 1 Tenfourzero | 1 Shutter | 2014-09-08 | 7.5 HIGH | N/A |
SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |