13184 matches found
Sql injection
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter...
CVE-2014-8295
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter...
CVE-2014-8294
CVE-2014-8294 affects Voice Of Web AllMyGuests 0.4.1. The vulnerability allows remote attackers to inject arbitrary SQL via (1) the allmyphp_cookie cookie to admin.php or (2) the Username or (3) Password fields. Root cause: SQL injection in login/auth and cookie-handling logic. Impact: arbitrary ...
drupal7 -- SQL injection
Drupal Security Team reports: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution...
CVE-2014-8766
Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 cat parameter in a browse action to index.php or 2 unspecified parameters to admin.php...
CVE-2014-4313
SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field...
CVE-2014-4313
SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field...
CVE-2014-7201
Multiple SQL injection vulnerabilities in the search function in pi1/class.txdmmjobcontrolpi1.php in the JobControl dmmjobcontrol extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the 1 education, 2 region, or 3 sector fields, as demonstrated by t...
Sql injection
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data...
CVE-2014-7981
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-7981
CVE-2014-7981 (Joomla! CMS) affects Joomla! 3.1.x and 3.2.x before 3.2.3. The vulnerability is a SQL injection in the weblinks-categories path due to improper input sanitization, allowing unauthenticated remote attackers to manipulate SQL and potentially disclose or modify data. Public references...
CVE-2014-5308
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the 1 name parameter in a Search action to lib/project/projectView.php or 2 id parameter to lib/events/eventinfo.php...
Sql injection
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the 1 name parameter in a Search action to lib/project/projectView.php or 2 id parameter to lib/events/eventinfo.php...
CVE-2014-5308
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the 1 name parameter in a Search action to lib/project/projectView.php or 2 id parameter to lib/events/eventinfo.php...
Sql injection
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the addguestuser opcode...
Sql injection
SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php...
CVE-2014-6295
SQL injection vulnerability in the WEC Map wecmap extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-6293
SQL injection vulnerability in the Statistics kestats extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014...
Sql injection
SQL injection vulnerability in the WEC Map wecmap extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-6295
SQL injection vulnerability in the WEC Map wecmap extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...