Export limit exceeded: 19794 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19794 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7867 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | N/A |
| SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. | ||||
| CVE-2016-6195 | 1 Vbulletin | 1 Vbulletin | 2025-04-12 | N/A |
| SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016. | ||||
| CVE-2014-5184 | 1 Stripshow Plugin Project | 1 Stripshow | 2025-04-12 | N/A |
| SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. | ||||
| CVE-2015-8369 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | ||||
| CVE-2014-9220 | 3 Fedoraproject, Opensuse, Openvas | 3 Fedora, Opensuse, Openvas Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. | ||||
| CVE-2014-9178 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function. | ||||
| CVE-2014-9242 | 1 Websitebaker | 1 Websitebaker | 2025-04-12 | N/A |
| SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | ||||
| CVE-2014-8367 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8366 | 1 Os4ed | 1 Opensis | 2025-04-12 | N/A |
| SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. | ||||
| CVE-2014-8363 | 1 Wordpress Spreadsheet Project | 1 Wordpress Spreadsheet | 2025-04-12 | N/A |
| SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | ||||
| CVE-2014-8351 | 1 French National Commission On Informatics And Liberty | 1 Cookieviz | 2025-04-12 | N/A |
| SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter. | ||||
| CVE-2014-8294 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password. | ||||
| CVE-2016-1000113 | 1 Huge-it | 1 Gallery | 2025-04-12 | 9.8 Critical |
| XSS and SQLi in huge IT gallery v1.1.5 for Joomla | ||||
| CVE-2015-0919 | 1 Sefrengo | 1 Sefrengo | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. | ||||
| CVE-2014-4736 | 1 Blogengine | 1 E2 | 2025-04-12 | N/A |
| SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process. | ||||
| CVE-2016-1000116 | 1 Huge-it | 1 Portfolio Gallery Manager | 2025-04-12 | N/A |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | ||||
| CVE-2014-4644 | 1 Cacti | 1 Superlinks | 2025-04-12 | N/A |
| SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2016-1000000 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | N/A |
| Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | ||||
| CVE-2014-3483 | 2 Redhat, Rubyonrails | 2 Rhel Software Collections, Rails | 2025-04-12 | N/A |
| SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting. | ||||
| CVE-2014-4627 | 1 Rsa | 1 Web Threat Detection | 2025-04-12 | 8.8 High |
| SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||