13184 matches found
CVE-2016-3072
Multiple SQL injection vulnerabilities in the scopedsearch function in app/controllers/katello/api/v2/apicontroller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the 1 sortby or 2 sortorder parameter...
UBUNTU-CVE-2015-7695
The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query...
Symphony CMS SQL Injection Vulnerability
Symphony is a content management system CMS developed using PHP MySQL. Symphony suffers from a SQL injection vulnerability because the program fails to adequately validate the 'fieldsusername', 'actionsave', and 'fieldsemail' parameters can be exploited to execute arbitrary SQL code in the...
CVE-2016-1393
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner CNAP 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175...
Sql injection
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner CNAP 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175...
Cisco Cloud Network Automation Provisioner SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Cloud Network Automation Provisioner CNAP could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...
CVE-2016-4350
CVE-2016-4350 affects SolarWinds SRM Profiler (formerly STM) Web Services before 6.2.3. Multiple SQL injection vulnerabilities exist across numerous servlets (e.g., ScriptServlet, WindowsEventLogsServlet, ProcessesServlet, BackupExceptionsServlet, BackupAssociationServlet, HostStorageServlet, Dup...
CVE-2016-2351
SQL injection vulnerability in home/seos/courier/securitykey2.api on the Accellion File Transfer Appliance FTA before FTA91240 allows remote attackers to execute arbitrary SQL commands via the clientid parameter...
CVE-2016-4351
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway TMEEG 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-4351
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway TMEEG 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-2299
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-2299
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-2301
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-3688
SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr...
CVE-2016-3688
SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr...
Sql injection
SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr...
ProjectSend Multiple Vulnerabilities (Apr 2016) - Active Check
ProjectSend is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:projectsend:projectsend";...
Apache Jetspeed SQL Injection (CVE-2016-0710)
An SQL injection vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...