Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6009 1 Refbase 1 Refbase 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.
CVE-2015-6829 1 Ciphercoin 1 Wp Limit Login Attempts 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.
CVE-2015-6915 1 Montala 1 Resourcespace 2025-04-12 N/A
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.
CVE-2015-6962 1 Teiko 1 Farol 2025-04-12 N/A
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.
CVE-2014-3339 1 Cisco 2 Unified Communications Domain Manager, Unified Presence Server 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.
CVE-2015-7682 1 Genetechsolutions 1 Pie Register 2025-04-12 N/A
Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php.
CVE-2015-7727 1 Sap 1 Hana 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.
CVE-2014-5200 1 Fb Gorilla Project 1 Fb Gorilla 2025-04-12 N/A
SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2015-7903 1 Infinite Automation Systems 1 Mango Automation 2025-04-12 N/A
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-0224 1 Ibm 1 Marketing Platform 2025-04-12 N/A
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-0233 1 Ibm 1 Marketing Platform 2025-04-12 N/A
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-8306 1 C97 1 Cart Engine 2025-04-12 N/A
SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
CVE-2016-1308 1 Samsung 1 X14j Firmware 2025-04-12 N/A
SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.
CVE-2015-7695 2 Debian, Zend 2 Debian Linux, Zend Framework 2025-04-12 N/A
The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
CVE-2015-6911 1 Synology 1 Video Station 2025-04-12 N/A
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
CVE-2015-6486 1 Rockwellautomation 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware 2025-04-12 N/A
SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-6910 1 Synology 1 Video Station 2025-04-12 N/A
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.
CVE-2016-4351 1 Trendmicro 1 Email Encryption Gateway 2025-04-12 9.8 Critical
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-9005 1 Vld Interactive 1 Vldpersonals 2025-04-12 N/A
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php.
CVE-2016-9288 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.