Search Results (19827 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1204 1 Tableausoftware 1 Tableau Server 2025-04-11 N/A
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.
CVE-2010-0457 1 A3malnet 1 Magic-portal 2025-04-11 N/A
SQL injection vulnerability in home.php in magic-portal 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-1667 1 Xmedien 1 Anzeigenmarkt 2025-04-11 N/A
SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action.
CVE-2010-1859 1 Deluxebb 1 Deluxebb 2025-04-11 N/A
SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread.
CVE-2012-3791 1 Cms-center 1 Simple Web Content Management System 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php.
CVE-2011-1686 1 Bestpractical 1 Rt 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.
CVE-2011-0448 1 Rubyonrails 1 Rails 2025-04-11 N/A
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
CVE-2011-4215 1 Oneorzero 1 Aims 2025-04-11 N/A
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.
CVE-2010-1726 1 Alibabaclone 1 Ec21 Clone 2025-04-11 N/A
SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-5218 1 Neubivljiv 1 Dota Openstats 2025-04-11 N/A
SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2011-1913 1 Mercator 1 Sentinel 2025-04-11 N/A
SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-5216 2 Troyef, Wordpress 2 Scorm Cloud, Wordpress 2025-04-11 N/A
SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.
CVE-2013-7278 1 Naxtech 1 Cms Afroditi 2025-04-11 N/A
SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp.
CVE-2011-5215 1 2daybiz 1 Video Community Portal Script 2025-04-11 N/A
SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-7175 1 Avanset 1 Visual Certexam Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field.
CVE-2011-4542 1 Hastymail 1 Hastymail2 2025-04-11 N/A
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
CVE-2011-1557 1 Icloudcenter 1 Icjobsite 2025-04-11 N/A
SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2011-5099 2 Chillcreations, Joomla 2 Mod Ccnewsletter, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-6176 1 Emc 1 Document Sciences Xpression 2025-04-11 N/A
Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote authenticated users to execute arbitrary SQL commands via unspecified input to a (1) xAdmin or (2) xDashboard form.
CVE-2011-5168 1 Bananadance 1 Banana Dance 2025-04-11 N/A
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.