Total
15299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5262 | 1 Cacti | 1 Cacti | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-5792 | 1 Moxa | 1 Softcms | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. | |||||
| CVE-2016-1000000 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | |||||
| CVE-2014-3783 | 1 Dotclear | 1 Dotclear | 2025-04-12 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter. | |||||
| CVE-2014-4960 | 1 Joomlaboat | 1 Com Youtubegallery | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php. | |||||
| CVE-2015-4137 | 1 Milw0rm Project | 1 Milw0rm Clone Script | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. | |||||
| CVE-2015-1367 | 1 Catbot Project | 1 Catbot | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. | |||||
| CVE-2014-8507 | 1 Google | 1 Android | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135. | |||||
| CVE-2014-2531 | 1 Interworx | 1 Web Control Panel | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object. | |||||
| CVE-2014-100020 | 1 Itechscripts | 1 Itechclassifieds | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. | |||||
| CVE-2014-2934 | 1 Caldera | 1 Caldera | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. | |||||
| CVE-2014-3997 | 1 Zohocorp | 2 Manageengine It360, Manageengine Password Manager Pro | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat. | |||||
| CVE-2014-8366 | 1 Os4ed | 1 Opensis | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. | |||||
| CVE-2014-9102 | 1 Kunena | 1 Kunena | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php. | |||||
| CVE-2014-3906 | 1 Kk-osk | 2 Advance-flow, Advance-flow Forms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-1400 | 1 Npds | 1 Revolution | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2015-1450 | 1 Restaurantbiller | 1 Restaurant Biller | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php. | |||||
| CVE-2015-4118 | 1 Ispconfig | 1 Ispconfig | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2. | |||||
| CVE-2015-0916 | 1 Cacti | 1 Cacti | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. | |||||
| CVE-2014-1854 | 1 Adrotateplugin | 1 Adrotate | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter. | |||||