Export limit exceeded: 19662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1934 | 1 Sourcefabric | 1 Newscoop | 2025-04-11 | N/A |
| SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. | ||||
| CVE-2012-2007 | 1 Hp | 1 Performance Insight | 2025-04-11 | N/A |
| SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-2695 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 5 1, Openshift, 1.1 and 2 more | 2025-04-11 | N/A |
| The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. | ||||
| CVE-2011-1546 | 1 Aphpkb | 1 Aphpkb | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-2740 | 1 Phplist | 1 Phplist | 2025-04-11 | N/A |
| SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. | ||||
| CVE-2012-2762 | 1 S9y | 1 Serendipity | 2025-04-11 | N/A |
| SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. | ||||
| CVE-2012-2908 | 1 Viscacha | 1 Viscacha | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter. | ||||
| CVE-2012-2925 | 1 Simple Php Agenda | 1 Simple Php Agenda | 2025-04-11 | N/A |
| SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action. | ||||
| CVE-2012-2937 | 1 Pligg | 1 Pligg Cms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module. | ||||
| CVE-2012-3554 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2025-04-11 | N/A |
| SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-4843 | 1 Phpwebscripts | 1 Ad Manager Pro | 2025-04-11 | N/A |
| SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. | ||||
| CVE-2012-4673 | 1 Thomas Hunter | 1 Neoinvoice | 2025-04-11 | N/A |
| SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477. | ||||
| CVE-2012-5334 | 1 Preprojects | 1 Pre Printing Press | 2025-04-11 | N/A |
| SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter. | ||||
| CVE-2011-1686 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data. | ||||
| CVE-2012-5367 | 1 Orangehrm | 1 Orangehrm | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks. | ||||
| CVE-2013-3050 | 1 Zapms | 1 Zapms | 2025-04-11 | N/A |
| SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product. | ||||
| CVE-2012-5550 | 2 Carlos Carvalhar, Drupal | 2 Time Spent, Drupal | 2025-04-11 | N/A |
| SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-6497 | 1 Rubyonrails | 1 Rails | 2025-04-11 | N/A |
| The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product. | ||||
| CVE-2012-6504 | 1 Shawn Bradley | 1 Php Volunteer Management | 2025-04-11 | N/A |
| SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2012-6516 | 1 Shawn Bradley | 1 Php Ticket System | 2025-04-11 | N/A |
| SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php. | ||||