Export limit exceeded: 19648 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19648 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0080 1 Rubyonrails 1 Rails 2025-04-11 N/A
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.
CVE-2012-4686 1 Vbulletin 1 Vbulletin 2025-04-11 N/A
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.
CVE-2012-4282 1 Toocharger 1 Trombinoscope 2025-04-11 N/A
SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-3000 1 F5 10 Big-ip Access Policy Manager, Big-ip Analytics, Big-ip Application Security Manager and 7 more 2025-04-11 N/A
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter.
CVE-2012-2998 1 Trend Micro 1 Control Manager 2025-04-11 N/A
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2923 1 Hypermethod 1 Elearning Server 2025-04-11 N/A
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
CVE-2012-0036 1 Curl 2 Curl, Libcurl 2025-04-11 N/A
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
CVE-2013-7189 1 Iscripts 1 Autohoster 2025-04-11 N/A
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
CVE-2012-1255 1 Segue Project 1 Segue 2025-04-11 N/A
SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-3437 1 Cisco 1 Unified Operations Manager 2025-04-11 N/A
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
CVE-2013-7149 2 Openx, Revive-adserver 2 Openx, Revive Adserver 2025-04-11 N/A
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
CVE-2013-3578 1 Wave 2 Embassy Remote Administration Server, Embassy Remote Administration Server Help Desk 2025-04-11 N/A
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands.
CVE-2013-4683 2 Christophe Balisky, Typo3 2 Meta Feedit, Typo3 2025-04-11 N/A
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4742 1 Docebo 1 Docebo 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php.
CVE-2012-0337 1 Cisco 1 Unified Meetingplace 2025-04-11 N/A
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.
CVE-2013-4682 2 Bas Van Beek, Typo3 2 Multishop, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4681 2 Michael Staatz, Typo3 2 Sofortueberweisung2commerce, Typo3 2025-04-11 N/A
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-1177 1 Cisco 1 Network Admission Control Manager And Server System Software 2025-04-11 N/A
SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.
CVE-2012-1557 1 Parallels 1 Parallels Plesk Panel 2025-04-11 N/A
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.
CVE-2011-5112 2 Blueflyingfish, Joomla 2 Com Alameda, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.