Export limit exceeded: 19707 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19707 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5049 1 Ibm 1 Openpages Grc Platform 2025-04-12 N/A
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5023 1 Ibm 1 Curam Social Program Management 2025-04-12 N/A
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-4967 1 Ibm 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more 2025-04-12 N/A
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-5097 1 Freereprintables 1 Articlefr 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
CVE-2015-4066 1 Tri 1 Gigpress 2025-04-12 N/A
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.
CVE-2015-1392 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1514 1 Fancyfon 1 Famoc 2025-04-12 N/A
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php.
CVE-2015-1517 1 Piwigo 1 Piwigo 2025-04-12 N/A
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
CVE-2015-1518 1 Redaxscript 1 Redaxscript 2025-04-12 N/A
SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
CVE-2014-8506 1 Etiko 1 Etiko Cms 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php.
CVE-2014-5200 1 Fb Gorilla Project 1 Fb Gorilla 2025-04-12 N/A
SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2015-4454 2 Cacti, Fedoraproject 2 Cacti, Fedora 2025-04-12 N/A
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.
CVE-2014-6030 1 Classapps 1 Selectsurvey.net 2025-04-12 N/A
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
CVE-2014-5462 1 Open-emr 1 Openemr 2025-04-12 N/A
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_number parameter to interface/reports/prescriptions_report.php; (5) payment_id parameter to interface/billing/edit_payment.php; (6) id parameter to interface/forms_admin/forms_admin.php; (7) form_pid or (8) form_encounter parameter to interface/billing/sl_eob_search.php; (9) sortby parameter to interface/logview/logview.php; form_facility parameter to (10) procedure_stats.php, (11) pending_followup.php, or (12) pending_orders.php in interface/orders/; (13) patient, (14) encounterid, (15) formid, or (16) issue parameter to interface/patient_file/deleter.php; (17) search_term parameter to interface/patient_file/encounter/coding_popup.php; (18) text parameter to interface/patient_file/encounter/search_code.php; (19) form_addr1, (20) form_addr2, (21) form_attn, (22) form_country, (23) form_freeb_type, (24) form_partner, (25) form_name, (26) form_zip, (27) form_state, (28) form_city, or (29) form_cms_id parameter to interface/practice/ins_search.php; (30) form_pid parameter to interface/patient_file/problem_encounter.php; (31) patient, (32) form_provider, (33) form_apptstatus, or (34) form_facility parameter to interface/reports/appointments_report.php; (35) db_id parameter to interface/patient_file/summary/demographics_save.php; (36) p parameter to interface/fax/fax_dispatch_newpid.php; or (37) patient_id parameter to interface/patient_file/reminder/patient_reminders.php.
CVE-2015-3427 2 Debian, Quassel-irc 2 Debian Linux, Quassel 2025-04-12 N/A
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.
CVE-2015-4129 1 Intelliants 1 Subrion Cms 2025-04-12 N/A
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.
CVE-2015-8157 1 Broadcom 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more 2025-04-12 8.8 High
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-4018 1 Feedwordpress Project 1 Feedwordpress 2025-04-12 N/A
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.
CVE-2015-0684 1 Cisco 1 Unified Communications Domain Manager 2025-04-12 N/A
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.
CVE-2014-5503 1 Cyberoam 1 Cyberoam Os 2025-04-12 N/A
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.