Export limit exceeded: 19580 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19580 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9272 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | ||||
| CVE-2014-2587 | 1 Mcafee | 1 Asset Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). | ||||
| CVE-2015-0524 | 1 Emc | 1 Secure Remote Services | 2025-04-12 | N/A |
| SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-1650 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-3773 | 1 Teampass | 1 Teampass | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/. | ||||
| CVE-2016-6617 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected. | ||||
| CVE-2014-1651 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-4507 | 1 Bosch | 1 Bladecontrol-webvis | 2025-04-12 | 6.4 Medium |
| SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-9287 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection. | ||||
| CVE-2014-2022 | 1 Vbulletin | 1 Vbulletin | 2025-04-12 | N/A |
| SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. | ||||
| CVE-2016-9283 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | ||||
| CVE-2014-2311 | 1 Modx | 1 Modx Revolution | 2025-04-12 | N/A |
| SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-3828 | 1 Merethis | 2 Centreon, Centreon Enterprise Server | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/. | ||||
| CVE-2014-3759 | 1 Karlen Walter | 1 Si Bibtex | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality. | ||||
| CVE-2011-5313 | 1 Redaxscript | 1 Redaxscript | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. | ||||
| CVE-2014-2540 | 1 Orbitscripts | 1 Orbit Open Ad Server | 2025-04-12 | N/A |
| SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory. | ||||
| CVE-2014-1597 | 1 I-doit | 1 I-doit | 2025-04-12 | N/A |
| SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI. | ||||
| CVE-2014-1854 | 1 Adrotateplugin | 1 Adrotate | 2025-04-12 | N/A |
| SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter. | ||||
| CVE-2016-4999 | 1 Redhat | 4 Dashbuilder, Jboss Bpm Suite, Jboss Bpms and 1 more | 2025-04-12 | 9.8 Critical |
| SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. | ||||
| CVE-2014-8586 | 1 Cp Multi View Event Calendar Project | 1 Cp Multi View Event Calendar | 2025-04-12 | N/A |
| SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | ||||