CVE-2014-5089

SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter...

WordPress StripShow Plugin <= 2.5.2 - SQL Injection

Because of this vulnerability in the stripshow-storylines page, remote authenticated administrators can execute arbitrary SQL commands in an edit action to wp-admin/admin.php via the "story" parameter. Solution Update the plugin...

Crescendo - Sales CRM SQL Injection

Crescendo - Sales CRM Authentication Bypass Vulnerability Exploit Title: Crescendo - Sales CRM Authentication Bypass Vulnerability Sql Injection Google Dork: N/A Date: July 15 , 2014 Exploit Author: Monendra Sahu [email protected] Vendor Homepage: http://dejavuprotech.com/crecendo.php Test...

ArticleFR 11.06.2014 (data.php) - Privilege Escalation

No description provided by source. Advisory ID: HTB23219 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 11.06.2014 and probably prior Tested Version: 11.06.2014 Advisory Publication: June 11, 2014 without technical details Vendor Notification: June 11, 2014 Public Disclosure:...

Sql injection

SQL injection vulnerability in the Unified Task List UTL Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2014-5104

Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 acountry parameter in a process action to affiliatesignup.php, 2 affiliatebannerid parameter to affiliateshowbanner.php, 3 country parameter in a process action to...

Sql injection

SQL injection vulnerability in maint/modules/endpointcfg/endpointgeneric.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action...

CVE-2014-5109

SQL injection vulnerability in maint/modules/endpointcfg/endpointgeneric.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action...

CVE-2014-5104

Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 acountry parameter in a process action to affiliatesignup.php, 2 affiliatebannerid parameter to affiliateshowbanner.php, 3 country parameter in a process action to...

CVE-2014-4858

Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password field...

Sql injection

SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteriastartswith parameter to ajax/render/memberlistitems...

CVE-2014-4736

SQL injection vulnerability in E2 before 2.4 2845 allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process...

Sql injection

SQL injection vulnerability in E2 before 2.4 2845 allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process...

CVE-2014-5017

SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipantsjson, related to a search paramet...

Sql injection

SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipantsjson, related to a search paramet...

CVE-2014-5017

SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipantsjson, related to a search paramet...

Sql injection

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the 2 userid parameter in the changeUnit function, 3 methodDeta...

CVE-2014-4977

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the 2 userid parameter in the changeUnit function, 3 methodDeta...

Sql injection

Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 categoryid or 2 pdfid parameter to wp-admin/admin.php...

CVE-2014-4013

SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...