6197 matches found
UBUNTU-CVE-2013-4313
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string...
DEBIAN-CVE-2013-5589
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2013-5589
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
Cisco Unified Operations Manager SQL Injection Vulnerability
A vulnerability in the management application of the Cisco Unified Operations Manager could allow an authenticated, remote attacker to execute arbitrary Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker...
DEBIAN-CVE-2013-0333
lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...
Trend Micro Control Manager vulnerable to SQL injection
Overview: Trend Micro Control Manager contains a SQL injection vulnerability. Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Tom Gregory and Mada R Perdhana of Spentera reported this vulnerability to JPCERT/CC. JPCERT/CC...
CVE-2011-5135
Multiple SQL injection vulnerabilities in the saveconnection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfigname or (2)...
DEBIAN-CVE-2012-3435
SQL injection vulnerability in frontends/php/popupbitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter...
CVE-2010-5037
SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the articleid parameter...
CVE-2010-4980
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter...
CVE-2010-4981
SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-4990
SQL injection vulnerability in the Front-edit Address Book comaddressbook component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php...
CVE-2009-5088
SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter...
CVE-2011-1667
SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action...
Oracle MySQL Database COM_FIELD_LIST Buffer Overflow (CVE-2010-1850)
MySQL is a popular open-source implementation of a relational database that supports the Structured Query Language (SQL) for querying and updating stored data. A security bypass vulnerability exists in MySQL database server. The vulnerability is due to an error while parsing a table name argument o...
No title provided
SQL injection vulnerability in templatesexport.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the exportitemid parameter...
DEBIAN-CVE-2010-1595
Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val1, or (3) ongletbis parameter...
SugarCRM vulnerable to SQL injection
Overview: SugarCRM contains a SQL injection vulnerability. SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
CVE-2009-2152
SQL injection vulnerability in aindex.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action...
CVE-2009-2148
SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter...