CVE-2014-2351
CSWorks software framework vulnerability (CVE-2014-2351) affects the CSWorks LiveData service before version 2.5.5233.0. The flaw arises from improper handling of data used to construct read/write paths in web API requests, enabling SQL injection. References indicate that remote attackers could p...
SQL injection
Multiple SQL injection vulnerabilities in the BibTex Publications (sibibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality...
CVE-2014-0137
SQL injection vulnerability in the savedreportdelete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists...
CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) usersidassign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php...
SQL injection
SQL injection vulnerability in the savedreportdelete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists...
CVE-2014-3246
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php...
CVE-2011-4970
Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) rtoken variable in the dpmgetpendingreqbytoken, (2) dpmgetcprbyfullid, (3) dpmgetcprbysurl, (4) dpmgetcprbysurls, (5) dpmgetgfrbyfullid,...
SQL injection
Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) rtoken variable in the dpmgetpendingreqbytoken, (2) dpmgetcprbyfullid, (3) dpmgetcprbysurl, (4) dpmgetcprbysurls, (5) dpmgetgfrbyfullid,...
CVE-2011-4970
Removed by vendor...
CVE-2014-3246
CVE-2014-3246 affects Collabtive (1.2/1.12). A SQL injection exists in the folder parameter of the fileview_list action in manageajax.php, exploitable by authenticated users. Several connected sources document the vulnerability, including exploit notes showing the folder parameter can be manipula...
CVE-2014-2934
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php...
SQL injection
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php...
CVE-2013-1803
Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with...
SQL injection
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803...
CVE-2013-7375
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803...
SQL Injection in mAdserve
Advisory ID: HTB23209; Product: mAdserve; Vendor: MobFox; Vulnerable Versions: 2.0 and probably prior; Tested Version: 2.0; Advisory Publication: March 26, 2014 (without technical details); Vendor Notification: March 26, 2014; Public Disclosure: April 16, 2014; Vulnerability Type: SQL Injection (CWE-89); CVE...
SQL injection
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATHINFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of the...
CVE-2014-3138
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATHINFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of the...