13185 matches found
CVE-2014-6295
SQL injection vulnerability in the WEC Map wecmap extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-6242
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...
Sql injection
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...
CVE-2012-0811
Multiple SQL injection vulnerabilities in Postfix Admin aka postfixadmin before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via 1 the pw parameter to the pacrypt function, when mysqlencrypt is configured, or 2 unspecified vectors that are used in backup files generate...
Sql injection
Multiple SQL injection vulnerabilities in Postfix Admin aka postfixadmin before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via 1 the pw parameter to the pacrypt function, when mysqlencrypt is configured, or 2 unspecified vectors that are used in backup files generate...
CVE-2012-0811
Multiple SQL injection vulnerabilities in Postfix Admin aka postfixadmin before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via 1 the pw parameter to the pacrypt function, when mysqlencrypt is configured, or 2 unspecified vectors that are used in backup files generate...
CVE-2003-1598
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable...
Sql injection
SQL injection vulnerability in the editgallery function in admin/galleryfunc.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php...
CVE-2014-4424
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-4424
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-4824
SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-4824
SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to apiv2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS...
Sql injection
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter...
Sql injection
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter...
CVE-2014-5440
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter...
CVE-2014-5440
MX-SmartTimer (MPEX Business Solutions) is affected by CVE-2014-5440 due to an SQL injection in Login.aspx. The vulnerability enables remote attackers to send SQL commands via the ct100%24CPHContent%24password parameter in versions before 13.19.18, potentially bypassing authentication and executi...
CVE-2014-6241
SQL injection vulnerability in the wtdirectory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...