Total
11922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7369 | 1 F-secure | 3 Anti-virus, Email And Server Security, Server Security | 2014-04-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand. | |||||
| CVE-2014-2847 | 1 Construtiva | 1 Cis Manager Cms | 2014-04-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. | |||||
| CVE-2013-7355 | 1 Sap | 1 Bi Universal Data Integration | 2014-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | |||||
| CVE-2014-1645 | 1 Symantec | 1 Liveupdate Administrator | 2014-03-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-6172 | 1 Roundcube | 1 Webmail | 2014-03-26 | 7.5 HIGH | N/A |
| steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code. | |||||
| CVE-2013-5117 | 1 Zldnn | 1 Dnnarticle | 2014-03-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | |||||
| CVE-2014-2317 | 1 Opendocman | 1 Opendocman | 2014-03-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-1945 | 1 Opendocman | 1 Opendocman | 2014-03-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. | |||||
| CVE-2013-2046 | 1 Owncloud | 1 Owncloud | 2014-03-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-2045 | 1 Owncloud | 1 Owncloud | 2014-03-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-2211 | 1 Posh Project | 1 Posh | 2014-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. | |||||
| CVE-2014-2245 | 1 Cmsmadesimple | 1 Cms Made Simple | 2014-03-07 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-6930 | 1 Cybozu | 1 Garoon | 2014-02-21 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. | |||||
| CVE-2013-6931 | 1 Cybozu | 1 Garoon | 2014-02-21 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. | |||||
| CVE-2013-4662 | 1 Civicrm | 1 Civicrm | 2014-02-21 | 6.5 MEDIUM | N/A |
| The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick. | |||||
| CVE-2013-5012 | 1 Symantec | 1 Web Gateway | 2014-02-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-1852 | 1 Kolja Schleich | 1 Leaguemanager | 2014-02-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php. | |||||
| CVE-2013-1617 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2014-01-17 | 7.4 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-7139 | 1 Cynthia Fridsma | 1 Horizon Quick Content Management System | 2014-01-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2013-7225 | 1 Fatfreecrm | 1 Fat Free Crm | 2014-01-03 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature. | |||||