Export limit exceeded: 18944 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18944 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8198 | 1 Huawei | 1 Fusionsphere | 2025-04-20 | N/A |
| FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands. | ||||
| CVE-2017-8789 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | N/A |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | ||||
| CVE-2017-8796 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | N/A |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | ||||
| CVE-2017-8835 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | N/A |
| SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database. | ||||
| CVE-2017-9603 | 1 Intensewp | 1 Wp Jobs | 2025-04-20 | N/A |
| SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. | ||||
| CVE-2017-9730 | 1 Dfsol | 1 Nuevomailer | 2025-04-20 | 9.8 Critical |
| SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter. | ||||
| CVE-2017-9759 | 1 Zenbership | 1 Zenbership | 2025-04-20 | N/A |
| SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. | ||||
| CVE-2017-12774 | 1 Finecms Project | 1 Finecms | 2025-04-20 | N/A |
| finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database | ||||
| CVE-2015-4592 | 1 Eclinicalworks | 1 Population Health | 2025-04-20 | N/A |
| eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. | ||||
| CVE-2017-9848 | 1 Easysitecms | 1 Easysite | 2025-04-20 | N/A |
| SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. | ||||
| CVE-2014-9558 | 1 Smartcms | 1 Smartcms | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in SmartCMS v.2. | ||||
| CVE-2017-9834 | 1 Calendarscripts | 1 Watupro | 2025-04-20 | N/A |
| SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. | ||||
| CVE-2017-9246 | 1 Newrelic | 1 .net Agent | 2025-04-20 | N/A |
| New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. | ||||
| CVE-2017-8015 | 1 Emc | 1 Appsync | 2025-04-20 | N/A |
| EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | ||||
| CVE-2017-8002 | 1 Emc | 1 Data Protection Advisor | 2025-04-20 | N/A |
| EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands. | ||||
| CVE-2017-7991 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | N/A |
| Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | ||||
| CVE-2017-7973 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | ||||
| CVE-2017-7952 | 1 Infor | 1 Enterprise Asset Management | 2025-04-20 | N/A |
| INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. | ||||
| CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | N/A |
| Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | ||||
| CVE-2017-7879 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | N/A |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | ||||