Export limit exceeded: 366186 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366186 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-0407 1 Phenotype-cms 1 Phenotype Cms 2025-04-11 N/A
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.
CVE-2013-5015 1 Symantec 2 Endpoint Protection Manager, Protection Center 2025-04-11 N/A
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-5109 1 John Geo 1 Freelancer Calendar 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory.
CVE-2011-5103 1 Alurian 1 Prismotube Video Script 2025-04-11 N/A
SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-4989 1 Farsi-cms 1 Ziggurat Farsi Cms 2025-04-11 N/A
SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.
CVE-2010-4986 1 Cafuego 1 Simple Document Management System 2025-04-11 N/A
SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.
CVE-2010-1019 2 Sk-typo3, Typo3 2 Sk Simplegallery, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1017 2 Laurent Foulloy, Typo3 2 Sav Filter Months, Typo3 2025-04-11 N/A
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0970 1 Jorik Berkepas 1 Phpmylogon 2025-04-11 N/A
SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-0964 1 Media-products 1 Eros Webkatalog 2025-04-11 N/A
SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
CVE-2014-1206 1 Openwebanalytics 1 Open Web Analytics 2025-04-11 N/A
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
CVE-2010-4954 1 Gambio 1 Xt\ 2025-04-11 N/A
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
CVE-2013-6321 1 Ibm 4 Atlas Ediscovery Process Management, Atlas Suite, Disposal And Governance Management For It and 1 more 2025-04-11 N/A
SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0955 1 Media-products 1 Bild Flirt Community 2025-04-11 N/A
SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-0952 1 Insanevisions 1 Onecms 2025-04-11 N/A
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.
CVE-2012-4282 1 Toocharger 1 Trombinoscope 2025-04-11 N/A
SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4724 1 Paymentprocessorscript 1 Ppscript 2025-04-11 N/A
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-4721 1 Andrews-web 1 Aw-bannerad 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-4708 2 Maximo Cuadros, Typo3 2 Gb Fenewssubmit, Typo3 2025-04-11 N/A
SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-0729 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.