Sql injection

SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional aka AWP PRO 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the groupid parameter in a listzone action to cgi/client.cgi...

CVE-2014-9347

SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the wordsexact parameter...

CVE-2014-5462

Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 Patch 7 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 layoutid parameter to interface/super/editlayout.php; 2 formpatientid, 3 formdrugname, or 4 formlotnumber parameter to...

Sql injection

SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is alrea...

CVE-2014-3996

SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central DC and Desktop Central Managed Service Providers MSP edition before 9 build 90043, Password Manager Pro PMP and Password Manager Pro Managed Service Providers MSP edition before 7 build 7003, IT360 and...

CVE-2014-3997

SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro PMP and Password Manager Pro Managed Service Providers MSP edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers MSP edition before 10.3.3 build 10330, and possibly other ManageEngi...

CVE-2014-7867

SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeNa...

Sql injection

Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the 1 OPMBVNAME parameter in a Delete operation to the APMBVHandler servlet ...

Sql injection

SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeNa...

CVE-2014-9240

SQL injection vulnerability in member.php in MyBB aka MyBulletinBoard 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the questionid parameter in a doregister action...

CVE-2014-9237

SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request...

CVE-2014-9235

Multiple SQL injection vulnerabilities in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 action parameter to group.php or 2 user.php or the 3 locationid parameter to photos.php in php/...

Sql injection

Multiple SQL injection vulnerabilities in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 action parameter to group.php or 2 user.php or the 3 locationid parameter to photos.php in php/...

Sql injection

SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request...

Sql injection

SQL injection vulnerability in the IPS Connect service interface/ipsconnect/ipsconnect.php in Invision Power Board aka IPB or IP.Board 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id parameter...

Sql injection

SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the pageid parameter...

CVE-2014-9240

CVE-2014-9240 affects MyBB (MyBulletinBoard) 1.8.x before 1.8.2. The vulnerability is an SQL injection in member.php, exploitable via the question_id parameter in a do_register action, allowing remote attackers to execute arbitrary SQL commands. The issue is documented across multiple sources (NV...

CVE-2014-9237

SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request...

CVE-2014-9220

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modifyschedule OMP command...

JVN#70490316: DBD::PgPP vulnerable to SQL injection

DBD::PgPP is a pure-Perl client interface for the PostgreSQL database. DBD::PgPP contains a SQL injection vulnerability. Impact If DBD::PgPP is used in a program, a remote attacker may execute an arbitrary SQL command. Solution Update the software Update to the latest version according to the...