13187 matches found
activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...
Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in...
SQL Injection Vulnerability in quote_table_name in rails/activerecord
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a craft...
CVE-2012-4570
SQL injection vulnerability in LetoDMSCore/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...
SQL injection
SQL injection vulnerability in LetoDMSCore/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-4570
SQL injection vulnerability in LetoDMSCore/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-5533
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...
SQL injection
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB10004.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2017-2133
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB10004.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2017-2133
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB10004.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field...
CVE-2015-5376
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field...
SQL injection
SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the slcustomfield parameter to sl-xml.php...
CVE-2015-2146
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to...
SQL injection
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters...
CVE-2015-2147
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters...
CVE-2015-2146
Issuetracker phpBugTracker is affected by SQL injection vulnerabilities in versions before 1.7.0. Multiple parameters (id in project.php; group_id in group.php; status_id in status.php; resolution_id in resolution.php; severity_id in severity.php; priority_id in priority.php; os_id in os.php; sit...
CVE-2017-1000120
ERPNextFrappe Version = 7.1.27 SQL injection vulnerability in frappe.share.getusers allows remote authenticated users to execute arbitrary SQL commands via the fields parameter...
CVE-2017-1000120
ERPNextFrappe Version = 7.1.27 SQL injection vulnerability in frappe.share.getusers allows remote authenticated users to execute arbitrary SQL commands via the fields parameter...