13183 matches found
WordPress iThemes Security Plugin < 7.0.3 - SQL Injection Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: WordPress Plugin iThemes Security (better-wp-security) = 7.0.2 - Authenticated SQL Injection; Exploit Author: Çlirim Emini; Website: https://www.sentry.co.com/; Vendor Homepage: https://ithemes.com/; Software Link:...
SQL injection
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx...
CVE-2015-4043
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx...
CVE-2018-10969
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid...
Multiple Vulnerabilities in MySQL Smart Reports 'id'
MySQL Smart Reports is a complete solution for generating reports using existing MySQL databases. An attacker can exploit this vulnerability to execute arbitrary SQL commands. A SQL injection and cross-site scripting vulnerability exists in MySQL Smart Reports 'id'. An attacker can exploit this...
MySQL Blob Uploader 'home-filet-edit.php' SQL Injection Vulnerability
MySQL Blob Uploader is a database file upload script. MySQL Blob Uploader 'home-filet-edit.php' suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...
Wecodex Restaurant CMS 'Login' SQL Injection Vulnerability
Wecodex Restaurant CMS is a management system. A SQL injection vulnerability exists in Wecodex Restaurant CMS 'Login', which can be exploited by attackers to execute arbitrary SQL commands...
Schools Alert Management Script SQL Injection Vulnerability (CNVD-2018-11296)
PHP Scripts Mall Schools Alert Management Script is a school management system script by PHP Scripts Mall India. A SQL injection vulnerability exists in several CGIs in PHP Scripts Mall Schools Alert Management Script. A remote attacker can exploit this vulnerability by sending specially crafted...
SQL injection
A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance...
CVE-2018-12039
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/*!select*/" substring in place of a select substring...
SQL injection
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/*!select*/" substring in place of a select substring...
CVE-2018-12039
Joyplus-CMS version 1.6.0 is affected by a Remote Code Execution vulnerability in manager/index.php caused by an Arbitrary SQL command execution issue that relies on using a "/*!select*/" substring in place of a select substring. This is documented across multiple sources (NVD/Red Hat/CNVD) and ind...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability (CNVD-2018-11254)
Cisco Prime Collaboration Provisioning (PCP) is a set of Web-based, next-generation communications services software from Cisco. The software provides IP communication service features for IP telephony, voice mail and unified communications environments. A SQL injection vulnerability exists in the...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this...
WUZHI CMS SQL Injection Vulnerability
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL, developed by the Chinese company WUZHI (Five Fingers) Internet Technology. A SQL injection vulnerability exists in WUZHI CMS version 4.1.0. A remote attacker can use the api/smscheck.php?param= URI to execute arbitrary SQL commands...
Trend Micro Email Encryption Gateway SQL Injection Vulnerability (CNVD-2018-10479)
Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway (TMEEG) is one of the gateway products that provides data protection. A SQL injection vulnerability exists in the formConfiguration class in Trend Mic...
CVE-2018-9019
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categorieslist.php, /accountancy/admin/journalslist.php, /admin/dict.php,...
SQL injection
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categorieslist.php, /accountancy/admin/journalslist.php, /admin/dict.php,...