Export limit exceeded: 19811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19811 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2213 1 Wordpress 1 Wordpress 2025-04-12 N/A
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
CVE-2015-2843 1 Goautodial 1 Goadmin Ce 2025-04-12 N/A
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
CVE-2015-2866 1 Grandstream 2 Gxv3611 Hd, Gxv3611 Hd Firmware 2025-04-12 N/A
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
CVE-2016-6652 1 Pivotal Software 1 Spring Data Jpa 2025-04-12 N/A
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
CVE-2015-4426 1 Pimcore 1 Pimcore 2025-04-12 N/A
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
CVE-2015-5599 1 Powerplay Gallery Project 1 Powerplay Gallery 2025-04-12 N/A
Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.
CVE-2015-5641 1 Basercms 1 Basercms 2025-04-12 N/A
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5642 1 Icz 1 Matchasns 2025-04-12 N/A
Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5668 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-6350 1 Cisco 1 Prime Service Catalog 2025-04-12 N/A
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.
CVE-2015-6433 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
CVE-2015-7858 1 Joomla 1 Joomla\! 2025-04-12 N/A
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
CVE-2015-8604 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
CVE-2016-1000113 1 Huge-it 1 Gallery 2025-04-12 9.8 Critical
XSS and SQLi in huge IT gallery v1.1.5 for Joomla
CVE-2016-1000000 1 Progress 1 Whatsup Gold 2025-04-12 N/A
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
CVE-2016-1000117 1 Huge-it 1 Slideshow 2025-04-12 N/A
XSS & SQLi in HugeIT slideshow v1.0.4
CVE-2016-6419 1 Cisco 1 Secure Firewall Management Center 2025-04-12 N/A
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.
CVE-2016-4999 1 Redhat 4 Dashbuilder, Jboss Bpm Suite, Jboss Bpms and 1 more 2025-04-12 9.8 Critical
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
CVE-2013-2498 1 Simplehrm 1 Simplehrm 2025-04-12 N/A
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.
CVE-2015-3993 1 Actian 1 Matrix 2025-04-12 N/A
Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table.