Export limit exceeded: 23293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18938 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18938 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18938 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8369 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | ||||
| CVE-2015-8769 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-5244 | 1 Bananadance | 1 Banana Dance | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php. | ||||
| CVE-2015-4613 | 1 Developer Log Project | 1 Developer Log | 2025-04-12 | N/A |
| SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8306 | 1 C97 | 1 Cart Engine | 2025-04-12 | N/A |
| SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter. | ||||
| CVE-2016-0224 | 1 Ibm | 1 Marketing Platform | 2025-04-12 | N/A |
| SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-1000122 | 1 Huge-it | 1 Slider | 2025-04-12 | N/A |
| XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | ||||
| CVE-2016-1000123 | 1 Huge-it | 1 Video Gallery | 2025-04-12 | N/A |
| Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla | ||||
| CVE-2014-3937 | 1 Ajaydsouza | 1 Contextual Related Posts | 2025-04-12 | N/A |
| SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-5278 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2025-04-12 | N/A |
| SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter. | ||||
| CVE-2016-4351 | 1 Trendmicro | 1 Email Encryption Gateway | 2025-04-12 | 9.8 Critical |
| SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-9135 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | ||||
| CVE-2011-3197 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | N/A |
| SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector. | ||||
| CVE-2016-9272 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | ||||
| CVE-2016-9282 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | ||||
| CVE-2016-9283 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | ||||
| CVE-2014-9254 | 1 Minibb | 1 Minibb | 2025-04-12 | N/A |
| bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php. | ||||
| CVE-2014-2587 | 1 Mcafee | 1 Asset Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). | ||||
| CVE-2016-9864 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | ||||
| CVE-2014-3339 | 1 Cisco | 2 Unified Communications Domain Manager, Unified Presence Server | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. | ||||