Export limit exceeded: 19656 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19656 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4056 | 1 Uiga | 1 Personal Portal | 2025-04-11 | N/A |
| SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||||
| CVE-2013-5931 | 1 Real-estate-php-script | 1 Real Estate Php Script | 2025-04-11 | N/A |
| SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | ||||
| CVE-2012-5967 | 1 Merethis | 1 Centreon | 2025-04-11 | N/A |
| SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. | ||||
| CVE-2013-1852 | 1 Kolja Schleich | 1 Leaguemanager | 2025-04-11 | N/A |
| SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php. | ||||
| CVE-2013-0511 | 1 Ibm | 1 Security Appscan | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. | ||||
| CVE-2012-5900 | 1 Samedia | 1 Landshop | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php. | ||||
| CVE-2013-1177 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2025-04-11 | N/A |
| SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. | ||||
| CVE-2012-1626 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2025-04-11 | N/A |
| SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1603 | 1 Nextbbs | 1 Nextbbs | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. | ||||
| CVE-2012-5333 | 1 Preprojects | 1 Pre Printing Press | 2025-04-11 | N/A |
| SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2013-6417 | 2 Redhat, Rubyonrails | 5 Cloudforms Managementengine, Openstack, Rhel Software Collections and 2 more | 2025-04-11 | N/A |
| actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155. | ||||
| CVE-2013-6341 | 1 Dokeos | 1 Dokeos | 2025-04-11 | N/A |
| SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php. | ||||
| CVE-2010-0454 | 1 Fabricadigital | 1 Publique\! | 2025-04-11 | N/A |
| SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | ||||
| CVE-2012-1061 | 1 Gforgegroup | 1 Gforge | 2025-04-11 | N/A |
| SQL injection vulnerability in GForge Advanced Server 6.0.0 and other versions before 6.0.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-0727 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. | ||||
| CVE-2014-0726 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. | ||||
| CVE-2012-5350 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. | ||||
| CVE-2012-5348 | 1 Wilson Steven | 1 Mangosweb Enhanced | 2025-04-11 | N/A |
| SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php. | ||||
| CVE-2012-5342 | 1 Michau Enterprises Llc | 1 Commonsense Cms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php. | ||||
| CVE-2012-2718 | 2 Drupal, Drupal-id | 2 Drupal, Counter Module | 2025-04-11 | N/A |
| SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." | ||||