Search Results (19663 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-5235 1 Mnogosearch 1 Mnogosearch 2025-04-11 N/A
SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link.
CVE-2011-4959 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-4215 1 Oneorzero 1 Aims 2025-04-11 N/A
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.
CVE-2011-4672 1 Valid 1 Tiny-erp 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.
CVE-2011-4026 1 Xia Zuojie 1 Nexusphp 2025-04-11 N/A
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-3988 1 Lockon 1 Ec-cube 2025-04-11 N/A
SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-3989 1 Hiroyuki Oyama 1 Dbd\ 2025-04-11 N/A
SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2007 1 Hp 1 Performance Insight 2025-04-11 N/A
SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-4638 1 Spamtitan 1 Webtitan 2025-04-11 N/A
Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php.
CVE-2013-7189 1 Iscripts 1 Autohoster 2025-04-11 N/A
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
CVE-2012-0036 1 Curl 2 Curl, Libcurl 2025-04-11 N/A
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
CVE-2011-1343 1 Ibm 1 Tivoli Netcool\/omnibus 2025-04-11 N/A
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."
CVE-2012-2086 1 Gajim 1 Gajim 2025-04-11 N/A
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter.
CVE-2011-1342 1 Aimluck 2 Aipo, Aipo-asp 2025-04-11 N/A
SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-1328 1 Radvision 1 Iview Suite 2025-04-11 N/A
SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4789 1 Cotonti 1 Cotonti Siena 2025-04-11 N/A
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
CVE-2012-2115 1 Open-emr 1 Openemr 2025-04-11 N/A
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVE-2013-2050 1 Redhat 3 Cloudforms Management Engine, Cloudforms Managementengine, Manageiq Enterprise Virtualization Manager 2025-04-11 N/A
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.
CVE-2011-1522 1 Doctrine-project 5 Doctrine, Doctrine1.2.0, Doctrine1.2.1 and 2 more 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
CVE-2012-0999 1 Lepton-cms 1 Lepton 2025-04-11 N/A
SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter.