Export limit exceeded: 18888 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18888 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6004 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | ||||
| CVE-2012-1665 | 1 Oscmax | 1 Oscmax | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. | ||||
| CVE-2015-2196 | 1 Web-dorado | 1 Spider Calendar | 2025-04-12 | N/A |
| SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. | ||||
| CVE-2014-1597 | 1 I-doit | 1 I-doit | 2025-04-12 | N/A |
| SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI. | ||||
| CVE-2013-2945 | 1 B2evolution | 1 B2evolution | 2025-04-12 | N/A |
| SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | ||||
| CVE-2014-5521 | 1 Xrms Crm Project | 1 Xrms Crm | 2025-04-12 | N/A |
| plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. | ||||
| CVE-2014-5520 | 1 Xrms Crm Project | 1 Xrms Crm | 2025-04-12 | N/A |
| SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php. | ||||
| CVE-2016-6195 | 1 Vbulletin | 1 Vbulletin | 2025-04-12 | N/A |
| SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016. | ||||
| CVE-2015-2199 | 1 Wonderplugin | 1 Audio Player | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. | ||||
| CVE-2016-1000125 | 1 Huge-it | 1 Huge-it Catalog | 2025-04-12 | N/A |
| Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | ||||
| CVE-2016-1000217 | 1 Zotpress Project | 1 Zotpress | 2025-04-12 | N/A |
| Zotpress plugin for WordPress SQLi in zp_get_account() | ||||
| CVE-2016-1000124 | 1 Huge-it | 1 Portfolio Gallery | 2025-04-12 | N/A |
| Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 | ||||
| CVE-2016-1000123 | 1 Huge-it | 1 Video Gallery | 2025-04-12 | N/A |
| Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla | ||||
| CVE-2016-1000122 | 1 Huge-it | 1 Slider | 2025-04-12 | N/A |
| XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | ||||
| CVE-2016-1000120 | 1 Huge-it | 1 Catalog | 2025-04-12 | N/A |
| SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | ||||
| CVE-2016-1000119 | 1 Huge-it | 1 Catalog | 2025-04-12 | N/A |
| SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | ||||
| CVE-2015-3947 | 1 Advantech | 1 Webaccess | 2025-04-12 | N/A |
| SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-1000117 | 1 Huge-it | 1 Slideshow | 2025-04-12 | N/A |
| XSS & SQLi in HugeIT slideshow v1.0.4 | ||||
| CVE-2016-1000000 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | N/A |
| Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | ||||
| CVE-2016-1000113 | 1 Huge-it | 1 Gallery | 2025-04-12 | 9.8 Critical |
| XSS and SQLi in huge IT gallery v1.1.5 for Joomla | ||||