Total: 11641 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2013-7175 | 1 Avanset | 1 Visual Certexam Manager | 2016-12-31 | N/A | Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field. |
CVE-2013-5640 | 1 Raoul Proenca | 1 Gnew | 2016-12-31 | N/A | Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors. |
CVE-2013-5003 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-31 | N/A | Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. |
CVE-2015-6299 | 1 Cisco | 1 Unity Connection | 2016-12-29 | N/A | SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. |
CVE-2015-4222 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2016-12-28 | N/A | SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325. |
CVE-2015-4233 | 1 Cisco | 1 Unified Meetingplace | 2016-12-28 | N/A | SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037. |
CVE-2015-4208 | 1 Cisco | 1 Webex Meeting Center | 2016-12-28 | N/A | Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. |
CVE-2016-8905 | 1 Dotcms | 1 Dotcms | 2016-12-26 | N/A | SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. |
CVE-2016-8902 | 1 Dotcms | 1 Dotcms | 2016-12-26 | N/A | SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. |
CVE-2016-8903 | 1 Dotcms | 1 Dotcms | 2016-12-26 | N/A | SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. |
CVE-2016-8904 | 1 Dotcms | 1 Dotcms | 2016-12-26 | N/A | SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. |
CVE-2016-8906 | 1 Dotcms | 1 Dotcms | 2016-12-26 | N/A | SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. |
CVE-2016-8907 | 1 Dotcms | 1 Dotcms | 2016-12-26 | N/A | SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. |
CVE-2016-8908 | 1 Dotcms | 1 Dotcms | 2016-12-26 | N/A | SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. |
CVE-2015-6659 | 1 Drupal | 1 Drupal | 2016-12-24 | N/A | SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. |
CVE-2016-2873 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2016-12-23 | N/A | SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
CVE-2016-2355 | 1 Dotcms | 1 Dotcms | 2016-12-23 | N/A | SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. |
CVE-2016-1000217 | 1 Zotpress Project | 1 Zotpress | 2016-12-22 | N/A | Zotpress plugin for WordPress SQLi in zp_get_account() |
CVE-2016-1000122 | 1 Huge-it | 1 Slider | 2016-12-22 | N/A | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension |
CVE-2016-1000120 | 1 Huge-it | 1 Catalog | 2016-12-22 | N/A | SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla |