Export limit exceeded: 365292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19812 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9229 1 Symantec 1 Endpoint Protection 2025-04-12 N/A
Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.
CVE-2014-9242 1 Websitebaker 1 Websitebaker 2025-04-12 N/A
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
CVE-2015-6811 1 Cyberoam 2 Cr500ing-xp, Cyberoamos 2025-04-12 N/A
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
CVE-2014-5184 1 Stripshow Plugin Project 1 Stripshow 2025-04-12 N/A
SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php.
CVE-2015-0161 1 Ibm 1 Security Siteprotector System 2025-04-12 N/A
SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1000003 1 Filedownload Project 1 Filedownload 2025-04-12 N/A
Blind SQL Injection in filedownload v1.4 wordpress plugin
CVE-2016-1308 1 Samsung 1 X14j Firmware 2025-04-12 N/A
SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.
CVE-2015-4426 1 Pimcore 1 Pimcore 2025-04-12 N/A
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
CVE-2015-1000011 1 Dukapress Project 1 Dukapress 2025-04-12 N/A
Blind SQL Injection in wordpress plugin dukapress v2.5.9
CVE-2016-5792 1 Moxa 1 Softcms 2025-04-12 N/A
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.
CVE-2014-7289 2 Broadcom, Symantec 2 Symantec Critical System Protection, Data Center Security 2025-04-12 N/A
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
CVE-2014-9528 1 Humhub 1 Humhub 2025-04-12 N/A
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.
CVE-2012-5648 1 Theforeman 1 Foreman 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.
CVE-2014-8498 1 Zohocorp 1 Manageengine Password Manager Pro 2025-04-12 N/A
SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.
CVE-2014-9235 1 Zoph 1 Zoph 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
CVE-2012-6643 1 Clip-bucket 1 Clipbucket 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information.
CVE-2014-0966 1 Ibm 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management 2025-04-12 N/A
SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-7349 1 Raoul Proenca 1 Gnew 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
CVE-2014-3446 1 Bss 1 Continuity Cms 2025-04-12 N/A
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.
CVE-2014-3415 1 Sharetronix 1 Sharetronix 2025-04-12 N/A
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.