13185 matches found
CVE-2014-1597
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI...
Sql injection
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI...
Sql injection
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931...
CVE-2014-0821
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931...
doorGets CMS SQL injection vulnerability-vulnerability warning-the black bar safety net
Vulnerability version: doorGets CMS 5.2 Vulnerability description: CVE ID:CVE-2 0 1 4-1 4 5 9 doorGets CMS is a content management system. Since the transfer to"/dg-admin/index.php"script"positiondownid" HTTP POST parameters failed to adequately filtered, the attacker can access the management...
Sql injection
SQL injection vulnerability in the Certificate Authority Proxy Function CAPF implementation in Cisco Unified Communications Manager Unified CM 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483...
CVE-2014-0734
SQL injection vulnerability in the Certificate Authority Proxy Function CAPF implementation in Cisco Unified Communications Manager Unified CM 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483...
CVE-2013-5015
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager SEPM 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQ...
Sql injection
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager SEPM 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQ...
CVE-2013-5015
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager SEPM 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQ...
Sql injection
SQL injection vulnerability in the Enterprise Mobility Application EMApp interface in Cisco Unified Communications Manager UCM allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302...
Sql injection
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager UCM 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313...
CVE-2014-0728
Cisco Unified Communications Manager (UCM) Java database interface is affected by a SQL injection vulnerability in versions 10.0(1) and earlier. Root cause: failure to validate user-supplied input used to construct SQL queries, allowing remote attackers to execute arbitrary SQL via crafted URLs (...
CVE-2014-0728
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager UCM 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313...
CVE-2014-1401
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 search parameter to mod/content/content.php or 2 CLIENTIP, 3 XFORWARDEDFOR, 4 XFORWARDED, 5 FORWARDEDFOR, or 6 FORWARDED HTTP header to index.php...
CVE-2013-3294
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the 1 src or 2 username parameter to index.php...
CVE-2014-1459
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the positiondownid parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands...
Sql injection
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 search parameter to mod/content/content.php or 2 CLIENTIP, 3 XFORWARDEDFOR, 4 XFORWARDED, 5 FORWARDEDFOR, or 6 FORWARDED HTTP header to index.php...
Sql injection
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the positiondownid parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands...
CVE-2014-1401
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 search parameter to mod/content/content.php or 2 CLIENTIP, 3 XFORWARDEDFOR, 4 XFORWARDED, 5 FORWARDEDFOR, or 6 FORWARDED HTTP header to index.php...