Sql injection

SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

Sql injection

SQL injection vulnerability in sesearchdefault in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information...

Sql injection

SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information...

Sql injection

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVE-2014-2316

Technical details for CVE-2014-2316 are not provided in the connected documents. The initial description notes an SQL injection in the Search Everything WordPress plugin, but no further specifics (versions, root cause, exploit, or patch) are present. Monitor for updates.

CVE-2013-1893

SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application...

CVE-2013-2046

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

Sql injection

SQL injection vulnerability in the manage configuration page admconfigreport.php in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filterconfigid parameter...

Sql injection

SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php...

CVE-2014-2238

SQL injection vulnerability in the manage configuration page admconfigreport.php in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filterconfigid parameter...

Sql injection

SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified...

CVE-2013-6331

SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified...

CVE-2013-6302

SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified...

WordPress Plugin AdRotate SQL Injection (CVE-2014-1854)

An SQL injection vulnerability has been reported in the AdRotate plugin for WordPress. Remote attacker can exploit this vulnerability to execute arbitrary SQL commands on the target...

CVE-2014-2211

SQL injection vulnerability in portal/addtoapplication.php in POSH aka Posh portal or Portaneo 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter...

Sql injection

SQL injection vulnerability in portal/addtoapplication.php in POSH aka Posh portal or Portaneo 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter...

CVE-2014-2211

POSH (Posh portal / Portaneo) up to version 3.2.x is affected by an SQL injection in portal/addtoapplication.php via the rssurl parameter. The flaw allows remote attackers to inject and execute arbitrary SQL commands. Root cause is input handling for rssurl not being properly sanitized. Impact is...

Sql injection

SQL injection vulnerability in the login page in flexycms/modules/user/usermanager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin...

CVE-2013-2498

CVE-2013-2498 affects SimpleHRM (versions 2.3, 2.2 and earlier) and is caused by an SQL injection in the login page (flexycms/modules/user/user_manager.php). The vulnerability allows remote attackers to manipulate the username field passed to index.php/user/setLogin, enabling arbitrary SQL comman...

CVE-2013-2498

SQL injection vulnerability in the login page in flexycms/modules/user/usermanager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin...