Export limit exceeded: 364864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19783 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7236 1 Netapp 1 Oncommand Unified Manager Core Package 2025-04-20 N/A
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0782 1 Novell 1 Zenworks Configuration Management 2025-04-20 N/A
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-14760 1 Eventespresso 1 Event Espresso Lite 2025-04-20 N/A
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.
CVE-2017-14758 1 Opentext 1 Document Sciences Xpression 2025-04-20 N/A
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
CVE-2017-14757 1 Opentext 1 Document Sciences Xpression 2025-04-20 N/A
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
CVE-2017-14743 1 Faleemi 2 Fsc-880, Fsc-880 Firmware 2025-04-20 N/A
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
CVE-2017-14738 1 Filerun 1 Filerun 2025-04-20 N/A
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
CVE-2015-5376 1 Gsi-office 1 Winpat Portal 2025-04-20 N/A
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.
CVE-2017-5154 1 Advantech 1 Webaccess 2025-04-20 N/A
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.
CVE-2015-4724 1 Concretecms 1 Concrete Cms 2025-04-20 N/A
SQL injection vulnerability in Concrete5 5.7.3.1.
CVE-2015-4669 1 Xceedium 1 Xsuite 2025-04-20 N/A
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
CVE-2015-4627 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-20 N/A
SQL injection vulnerability in Pragyan CMS 3.0.
CVE-2017-14512 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.
CVE-2017-14401 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.
CVE-2017-14356 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2025-04-20 N/A
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
CVE-2017-14238 1 Dolibarr 1 Dolibarr 2025-04-20 N/A
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.
CVE-2017-1311 1 Ibm 1 Insights Foundation For Energy 2025-04-20 N/A
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.
CVE-2017-9759 1 Zenbership 1 Zenbership 2025-04-20 N/A
SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account.
CVE-2017-17959 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.
CVE-2014-4914 2 Debian, Zend 2 Debian Linux, Zend Framework 2025-04-20 N/A
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.