Export limit exceeded: 363376 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19699 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4676 1 Aftab 1 Tickfa 2025-04-12 N/A
SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action.
CVE-2015-4678 1 Persian Car Cms Project 1 Persian Car Cms 2025-04-12 N/A
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.
CVE-2015-4713 1 Apphp 1 Hotel Site 2025-04-12 N/A
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.
CVE-2015-5452 1 Watchguard 1 Xcs 2025-04-12 N/A
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.
CVE-2015-5504 1 Novalnet 1 Novalnet Payment Module Ubercart- 2025-04-12 N/A
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5599 1 Powerplay Gallery Project 1 Powerplay Gallery 2025-04-12 N/A
Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.
CVE-2015-5641 1 Basercms 1 Basercms 2025-04-12 N/A
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5642 1 Icz 1 Matchasns 2025-04-12 N/A
Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5648 1 Loenshotel 1 Phprechnung 2025-04-12 N/A
SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5668 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-6009 1 Refbase 1 Refbase 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.
CVE-2015-6659 1 Drupal 1 Drupal 2025-04-12 N/A
SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.
CVE-2016-1000115 1 Huge-it 1 Portfolio Gallery Manager 2025-04-12 N/A
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
CVE-2015-6811 1 Cyberoam 2 Cr500ing-xp, Cyberoamos 2025-04-12 N/A
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
CVE-2015-6829 1 Ciphercoin 1 Wp Limit Login Attempts 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.
CVE-2012-5853 1 Vinojcardoza 1 Ajax Post Search 2025-04-12 N/A
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.
CVE-2016-2174 1 Apache 1 Ranger 2025-04-12 N/A
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.
CVE-2015-7695 2 Debian, Zend 2 Debian Linux, Zend Framework 2025-04-12 N/A
The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
CVE-2012-5685 1 Zpanelcp 1 Zpanel 2025-04-12 N/A
SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
CVE-2015-7999 1 Citrix 1 Command Center 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.