Export limit exceeded: 19794 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19794 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7867 1 Zohocorp 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus 2025-04-12 N/A
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter.
CVE-2016-6195 1 Vbulletin 1 Vbulletin 2025-04-12 N/A
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.
CVE-2014-5184 1 Stripshow Plugin Project 1 Stripshow 2025-04-12 N/A
SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php.
CVE-2015-8369 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
CVE-2014-9220 3 Fedoraproject, Opensuse, Openvas 3 Fedora, Opensuse, Openvas Manager 2025-04-12 N/A
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
CVE-2014-9178 1 Smartypantsplugins 1 Sp Project \& Document Manager 2025-04-12 N/A
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.
CVE-2014-9242 1 Websitebaker 1 Websitebaker 2025-04-12 N/A
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
CVE-2014-8367 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-8366 1 Os4ed 1 Opensis 2025-04-12 N/A
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php.
CVE-2014-8363 1 Wordpress Spreadsheet Project 1 Wordpress Spreadsheet 2025-04-12 N/A
SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
CVE-2014-8351 1 French National Commission On Informatics And Liberty 1 Cookieviz 2025-04-12 N/A
SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter.
CVE-2014-8294 1 Php Resource 1 Voice Of Web Allmyguests 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password.
CVE-2016-1000113 1 Huge-it 1 Gallery 2025-04-12 9.8 Critical
XSS and SQLi in huge IT gallery v1.1.5 for Joomla
CVE-2015-0919 1 Sefrengo 1 Sefrengo 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
CVE-2014-4736 1 Blogengine 1 E2 2025-04-12 N/A
SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
CVE-2016-1000116 1 Huge-it 1 Portfolio Gallery Manager 2025-04-12 N/A
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
CVE-2014-4644 1 Cacti 1 Superlinks 2025-04-12 N/A
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2016-1000000 1 Progress 1 Whatsup Gold 2025-04-12 N/A
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
CVE-2014-3483 2 Redhat, Rubyonrails 2 Rhel Software Collections, Rails 2025-04-12 N/A
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
CVE-2014-4627 1 Rsa 1 Web Threat Detection 2025-04-12 8.8 High
SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.