CVE-2014-3962
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php...
Medium: lighttpd
Issue Overview: Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. SQL injection vulnerability in mod_mysql_vhost.c in lighttpd...
SQL injection
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-3932
SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters...
SQL injection
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter...
SQL injection
SQL injection vulnerability in the SubmitNews module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics parameter to modules.php...
WordPress Plugin Participants Database 1.5.4.8 - SQL Injection
Yarubo 1: Arbitrary SQL Execution in Participants Database for Wordpress. Program: Participants Database = 1.5.4.8. Severity: Unauthenticated attacker can fully compromise the Wordpress installation. Permalink:...
CVE-2014-3415
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group...
CVE-2014-3415
Affected software : Sharetronix (v3.3 and probably prior). Vulnerability : SQL Injection (CWE-89) via the invite_users[] parameter on the /[group]/invite page. Input is not properly sanitized before being used in a SQL query, enabling a remote authenticated user to execute arbitrary SQL commands ...
SQL injection
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2.1 patch 2 and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337...
CVE-2014-3783
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter...
CVE-2014-3210
CVE-2014-3210 describes an SQL injection in the WordPress Booking System (Booking Calendar) plugin. The vulnerability affects the plugin’s dopbs-backend-forms.php and allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter sent to wp-admin/admin-ajax....
CVE-2014-3749
SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp...
CVE-2014-3749
CVE-2014-3749 affects Construtiva CIS Manager. The vulnerability is an SQL injection in the POST parameter email to autenticar/lembrarlogin.asp, allowing remote attackers to infer/modify data by sending crafted input. Documented as error-based SQL injection with the email field, consistent with t...
SQL injection
SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests...