| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter. |
| SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter. |
| SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php. |
| SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
| SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a view_inbox action to cp/cp_messages.php or (2) the id parameter to cp/edit_email.php. |
| Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter. |
| SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters." |
| Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php. |
| SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. |
| SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. |
| SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. |
| SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information. |
