Export limit exceeded: 19506 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19506 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6873 | 1 Testa | 1 Online Test Management System | 2025-04-11 | N/A |
| SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter. | ||||
| CVE-2012-5967 | 1 Merethis | 1 Centreon | 2025-04-11 | N/A |
| SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. | ||||
| CVE-2011-0407 | 1 Phenotype-cms | 1 Phenotype Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-3412 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. | ||||
| CVE-2012-1815 | 1 Emerson | 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation | 2025-04-11 | N/A |
| SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-3510 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component. | ||||
| CVE-2014-1636 | 1 Doug Poulin | 1 Command School Student Management System | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/. | ||||
| CVE-2011-0960 | 1 Cisco | 1 Unified Operations Manager | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716. | ||||
| CVE-2014-1671 | 1 Dell | 5 Kace K1000 Systems Management Appliance, Kace K1000 Systems Management Appliance Software, Kace K1000 Systems Management Virtual Appliance and 2 more | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php. | ||||
| CVE-2013-7216 | 1 Etoshop | 1 Classifieds Creator | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (3) Password field to demo/classifieds/admin.asp. | ||||
| CVE-2013-0155 | 5 Cloudforms Cloudengine, Debian, Redhat and 2 more | 6 1, Debian Linux, Openshift and 3 more | 2025-04-11 | N/A |
| Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694. | ||||
| CVE-2012-2007 | 1 Hp | 1 Performance Insight | 2025-04-11 | N/A |
| SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-1328 | 1 Radvision | 1 Iview Suite | 2025-04-11 | N/A |
| SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-2998 | 1 Trend Micro | 1 Control Manager | 2025-04-11 | N/A |
| SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-1390 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | N/A |
| SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. | ||||
| CVE-2013-3957 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-2236 | 1 Ryan Walberg | 1 Php Gift Registry | 2025-04-11 | N/A |
| SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action. | ||||
| CVE-2011-1522 | 1 Doctrine-project | 5 Doctrine, Doctrine1.2.0, Doctrine1.2.1 and 2 more | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field. | ||||
| CVE-2012-2332 | 1 S9y | 1 Serendipity | 2025-04-11 | N/A |
| SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). | ||||
| CVE-2011-1686 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data. | ||||