13185 matches found
CVE-2014-4644
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2014-4644
CVE-2014-4644 (Cacti Superlinks Plugin 1.4-2) : A SQL injection vulnerability exists in the superlinks.php file of the Superlinks plugin for Cacti (version 1.4-2). The vulnerability is triggered via the id parameter, enabling remote attackers to execute arbitrary SQL commands. Public exploit acti...
CVE-2014-1651
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway SWG before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-1650
SQL injection vulnerability in user.php in the management console in Symantec Web Gateway SWG before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway SWG before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in user.php in the management console in Symantec Web Gateway SWG before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-2949
SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-4305
Multiple SQL injection vulnerabilities in NICE Recording eXpress aka Cybertech eXpress 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter...
CVE-2014-4307
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter...
web2Project 3.1 SQL Injection
Advisory ID: HTB23213 Product: web2Project Vendor: http://web2project.net Vulnerable Versions: 3.1 and probably prior Tested Version: 3.1 Advisory Publication: April 30, 2014 without technical details Vendor Notification: April 30, 2014 Vendor Patch: May 1, 2014 Public Disclosure: June 18, 2014...
SePortal staticpages SQL Injection (CVE-2008-5191)
An SQL injection vulnerability has been reported in SePortal. A remote attacker may exploit this issue by executing arbitrary SQL commands via the pollid parameter to pool.php and the spid parameter to staticpages.php. Successful exploitation could cause an SQL statement execution on the server,...
Sql injection
Multiple SQL injection vulnerabilities in the file browser component wefs.php in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the 1 table or 2 order parameter...
CVE-2014-4034
SQL injection vulnerability in zeroviewarticle.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter...
Sql injection
SQL injection vulnerability in zeroviewarticle.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter...
CVE-2014-4034
SQL injection vulnerability in zeroviewarticle.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter...
CVE-2014-3287
Affected software : Cisco Unified Communications Manager (Cisco Unified CM) – Java interface, specifically the BulkViewFileContentsAction.java. Vulnerability : SQL injection via crafted filename parameters in a URL, leading to arbitrary SQL execution. Impact : Authenticated, remote attacker could...
Sql injection
SQL injection vulnerability in the checkEmailFormat function in plugins/jojocore/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/...
Sql injection
Multiple SQL injection vulnerabilities in FrontAccounting FA before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-3961
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/...