Export limit exceeded: 19010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10096 | 1 Genixcms | 1 Genixcms | 2025-04-12 | N/A |
| SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter. | ||||
| CVE-2016-10114 | 1 Awebsupport | 1 Aweb Cart Watching System For Virtuemart | 2025-04-12 | N/A |
| SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch. | ||||
| CVE-2012-1665 | 1 Oscmax | 1 Oscmax | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. | ||||
| CVE-2016-1308 | 1 Samsung | 1 X14j Firmware | 2025-04-12 | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. | ||||
| CVE-2016-1393 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2025-04-12 | N/A |
| SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | ||||
| CVE-2016-1437 | 1 Cisco | 1 Prime Collaboration Deployment | 2025-04-12 | N/A |
| SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | ||||
| CVE-2016-1446 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200. | ||||
| CVE-2012-3820 | 1 Arialsoftware | 1 Campaign Enterprise | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp. | ||||
| CVE-2011-5286 | 1 Social Slider Project | 1 Social Slider | 2025-04-12 | N/A |
| SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. | ||||
| CVE-2016-2873 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-2950 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | N/A |
| SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-5278 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2025-04-12 | N/A |
| SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter. | ||||
| CVE-2016-3072 | 2 Katello, Redhat | 3 Katello, Enterprise Linux, Satellite | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter. | ||||
| CVE-2016-3659 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | ||||
| CVE-2016-3675 | 1 Huawei | 2 Policy Center, Policy Center Firmware | 2025-04-12 | 8.1 High |
| SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases. | ||||
| CVE-2012-1506 | 1 Orangehrm | 1 Orangehrm | 2025-04-12 | N/A |
| SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-5277 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2012-0811 | 1 Postfix | 1 Postfix | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | ||||
| CVE-2016-4350 | 1 Solarwinds | 1 Storage Resource Monitor | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet. | ||||
| CVE-2016-4351 | 1 Trendmicro | 1 Email Encryption Gateway | 2025-04-12 | 9.8 Critical |
| SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||