Export limit exceeded: 19820 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19820 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5244 1 Bananadance 1 Banana Dance 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
CVE-2011-2944 1 Megalab 1 The Uploader 2025-04-12 N/A
SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2014-1945 1 Opendocman 1 Opendocman 2025-04-12 N/A
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
CVE-2016-9481 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.
CVE-2013-7355 1 Sap 1 Bi Universal Data Integration 2025-04-12 N/A
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema.
CVE-2013-7349 1 Raoul Proenca 1 Gnew 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
CVE-2014-4424 1 Apple 1 Os X Server 2025-04-12 N/A
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-6537 1 Epiphanyhealthdata 1 Cardio Server 2025-04-12 N/A
SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL.
CVE-2014-4013 1 Arubanetworks 1 Clearpass 2025-04-12 N/A
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1506 1 Orangehrm 1 Orangehrm 2025-04-12 N/A
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information.
CVE-2015-1467 1 Fork-cms 1 Fork Cms 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
CVE-2015-1369 1 Sequelize Project 1 Sequelize 2025-04-12 N/A
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2016-2299 1 Ecava 1 Integraxor 2025-04-12 N/A
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-8295 1 Bacula 1 Bacula-web 2025-04-12 N/A
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
CVE-2015-1403 1 Content Rating Project 1 Content Rating 2025-04-12 N/A
SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1479 1 Zohocorp 1 Servicedesk Plus 2025-04-12 N/A
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
CVE-2015-1514 1 Fancyfon 1 Famoc 2025-04-12 N/A
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php.
CVE-2015-0580 1 Cisco 1 Secure Access Control System 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027.
CVE-2015-6486 1 Rockwellautomation 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware 2025-04-12 N/A
SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-6548 1 Symantec 1 Web Gateway 2025-04-12 N/A
Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.