Export limit exceeded: 360078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4280 | 1 Artica | 1 Pandora Fms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php. | ||||
| CVE-2013-6417 | 2 Redhat, Rubyonrails | 5 Cloudforms Managementengine, Openstack, Rhel Software Collections and 2 more | 2025-04-11 | N/A |
| actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155. | ||||
| CVE-2012-5227 | 1 Peel | 1 Peel Shopping | 2025-04-11 | N/A |
| SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2010-3013 | 1 Pligg | 1 Pligg Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577. | ||||
| CVE-2010-4186 | 1 Onlinetechtools.com | 1 Oasys Professional | 2025-04-11 | N/A |
| SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-2826 | 1 Cisco | 1 Wireless Control System Software | 2025-04-11 | N/A |
| SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019. | ||||
| CVE-2012-0199 | 1 Ibm | 1 Tivoli Provisioning Manager Express For Software Distribution | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file. | ||||
| CVE-2010-2691 | 1 2daybiz | 1 Custom T-shirt Design Script | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php. | ||||
| CVE-2013-6341 | 1 Dokeos | 1 Dokeos | 2025-04-11 | N/A |
| SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php. | ||||
| CVE-2010-2688 | 1 Site2nite | 1 Boat Classifieds | 2025-04-11 | N/A |
| SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2010-2686 | 1 Topmanage | 1 Olk Module | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-6321 | 1 Ibm | 4 Atlas Ediscovery Process Management, Atlas Suite, Disposal And Governance Management For It and 1 more | 2025-04-11 | N/A |
| SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-2460 | 1 Jce-tech | 1 Shareasale Script | 2025-04-11 | N/A |
| SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter. | ||||
| CVE-2010-2438 | 1 Laubrotel | 1 G.cms Generator | 2025-04-11 | N/A |
| SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php. | ||||
| CVE-2010-2436 | 1 Anecms | 1 Anecms Blog | 2025-04-11 | N/A |
| SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. | ||||
| CVE-2011-5201 | 1 Steveyolam | 1 Tinyguestbook | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the (1) name and (2) msg parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-5200 | 1 Dedecms | 1 Dedecms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. | ||||
| CVE-2010-2255 | 2 Joomla, Tamlyncreative | 4 Joomla\!, Com Bfsurvey Basic, Com Bfsurvey Pro and 1 more | 2025-04-11 | N/A |
| SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-2254 | 2 Joomla, Shape5 | 2 Joomla\!, Bridge Of Hope Template | 2025-04-11 | N/A |
| SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php. | ||||
| CVE-2011-5198 | 1 Neturf | 1 Ecommerce Shopping Cart | 2025-04-11 | N/A |
| SQL injection vulnerability in search.php in Neturf eCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the SearchFor parameter. NOTE: some of these details are obtained from third party information. | ||||