Total
11641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7803 | 1 Cybozu | 1 Garoon | 2017-06-13 | N/A |
| SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | ||||
| CVE-2015-7346 | 1 Zcms Project | 1 Zcms | 2017-06-12 | N/A |
| SQL injection vulnerability in ZCMS 1.1. | ||||
| CVE-2016-5939 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-06-08 | N/A |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | ||||
| CVE-2016-10379 | 1 Virtuemart | 1 Virtuemart | 2017-06-08 | N/A |
| The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. | ||||
| CVE-2017-9360 | 1 Websitebaker | 1 Websitebaker | 2017-06-06 | N/A |
| WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | ||||
| CVE-2017-9427 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-06 | N/A |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true. | ||||
| CVE-2016-4905 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2017-05-30 | N/A |
| SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-6195 | 1 Ipswitch | 2 Moveit Dmz, Moveit Transfer 2017 | 2017-05-26 | N/A |
| Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20. | ||||
| CVE-2017-5527 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2017-05-23 | N/A |
| TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. | ||||
| CVE-2016-4893 | 1 Setucocms Project | 1 Setucocms | 2017-05-23 | N/A |
| SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-8796 | 1 Accellion | 1 File Transfer Appliance | 2017-05-17 | N/A |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | ||||
| CVE-2017-8789 | 1 Accellion | 1 File Transfer Appliance | 2017-05-17 | N/A |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | ||||
| CVE-2017-6557 | 1 Xirrus | 1 Arrayos | 2017-05-17 | N/A |
| SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-8377 | 1 Genixcms | 1 Genixcms | 2017-05-10 | N/A |
| GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. | ||||
| CVE-2017-2120 | 1 Wbce | 1 Wbce Cms | 2017-05-03 | N/A |
| SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-1218 | 1 Cybozu | 1 Garoon | 2017-04-25 | N/A |
| SQL injection vulnerability in Cybozu Garoon before 4.2.2. | ||||
| CVE-2016-2566 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2017-04-21 | N/A |
| Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. | ||||
| CVE-2017-7628 | 1 Smart Related Articles Project | 1 Smart Related Articles | 2017-04-20 | N/A |
| The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | ||||
| CVE-2017-7719 | 1 Web-dorado | 1 Spider Event Calendar | 2017-04-20 | N/A |
| SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php. | ||||
| CVE-2015-7564 | 1 Teampass | 1 Teampass | 2017-04-20 | N/A |
| Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. | ||||