Total
11400 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7903 | 1 Infinite Automation Systems | 1 Mango Automation | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-6433 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | |||||
CVE-2015-0540 | 1 Emc | 1 Document Sciences Xpression | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-7857 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. | |||||
CVE-2016-5653 | 1 Misys | 1 Fusioncapital Opics Plus | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. | |||||
CVE-2016-4507 | 1 Bosch | 1 Bladecontrol-webvis | 2023-12-10 | 5.5 MEDIUM | 6.4 MEDIUM |
SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-4066 | 1 Tri | 1 Gigpress | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php. | |||||
CVE-2015-6910 | 1 Synology | 1 Video Station | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. | |||||
CVE-2015-6829 | 1 Ciphercoin | 1 Wp Limit Login Attempts | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header. | |||||
CVE-2016-1000217 | 1 Zotpress Project | 1 Zotpress | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zotpress plugin for WordPress SQLi in zp_get_account() | |||||
CVE-2015-4348 | 1 Spider Contacts Project | 1 Spider Contacts | 2023-12-10 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-7695 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. | |||||
CVE-2016-2174 | 1 Apache | 1 Ranger | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | |||||
CVE-2016-5817 | 1 Navis | 1 Webaccess | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-4611 | 1 Smoelenboek Project | 1 Smoelenboek | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-4613 | 1 Developer Log Project | 1 Developer Log | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2016-1000000 | 1 Ipswitch | 1 Whatsup Gold | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | |||||
CVE-2015-2972 | 1 Sysphonic | 1 Thetis | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-7235 | 1 Cp Reservation Calender Project | 1 Cp Reservation Calender | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. | |||||
CVE-2015-5659 | 1 Network Applied Communication Laboratory | 1 Shimane Prefecture Cms | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |