13184 matches found
Sql injection
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent...
Sql injection
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter...
CVE-2015-4628
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter...
CVE-2015-4454
SQL injection vulnerability in the gethashgraphtemplate function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graphtemplateid parameter to graphtemplates.php...
Sql injection
SQL injection vulnerability in mod1/index.php in the Akronymmanager sbakronymmanager extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in the gethashgraphtemplate function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graphtemplateid parameter to graphtemplates.php...
Sql injection
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id...
CVE-2015-2803
SQL injection vulnerability in mod1/index.php in the Akronymmanager sbakronymmanager extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter...
CVE-2015-4342
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id...
CVE-2015-4188
Cisco Prime Collaboration Manager SQL Injection (CVE-2015-4188) affects the Manager interface of Cisco Prime Collaboration 10.5(1). A lack of input validation on user-supplied input in SQL queries allows remote attackers to craft URLs to execute arbitrary SQL commands, potentially exposing or man...
ManageEngine Applications Manager IT360UtilitiesServlet SQLi
The remote host is running a version of ManageEngine Applications Manager that is affected by a SQL injection vulnerability due to improper validation of user-supplied input to the 'IT360UtilitiesServlet' servlet. A remote attacker can exploit this flaw to execute arbitrary SQL statements. Note...
CVE-2015-4613
SQL injection vulnerability in the backend module in the Developer Log devlog extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-4611
SQL injection vulnerability in the Smoelenboek ncgovsmoelenboek extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-4609
SQL injection vulnerability in the wtdirectory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the Store Locator locator extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the "FAQ - Frequently Asked Questions" jsfaq extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the Smoelenboek ncgovsmoelenboek extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-4611
SQL injection vulnerability in the Smoelenboek ncgovsmoelenboek extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-4609
SQL injection vulnerability in the wtdirectory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-4348
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors...