13185 matches found
CVE-2014-1459
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the positiondownid parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands...
CVE-2013-5012
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php...
CVE-2013-1852
The CVE-2013-1852 issue affects the WordPress LeagueManager plugin prior to version 3.8.1, where an SQL injection vulnerability exists in the league_id parameter used by the leaguemanager_export flow. An attacker can exploit this via the leaguemanager-export page (wp-admin/admin.php) to inject ar...
CVE-2014-1471
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL...
Cybozu Garoon tid Parameter SQL Injection - Ver2 (CVE-2006-4444)
An SQL injection vulnerability has been reported in Cybozu Garoon. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Benders Calendar index.php this_day Parameter SQL Injection - Ver2 (CVE-2006-0252)
An SQL injection vulnerability has been reported in Benders Calendar. A remote attacker could trigger this vulnerability via the year, month and day parameters. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
GeoBlog viewcat.php cat Parameter SQL Injection - Ver2 (CVE-2006-0249)
An SQL injection vulnerability has been reported in BitDamaged geoBlog MOD1.0. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2014-1204
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled...
CVE-2012-3000
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote...
CVE-2013-4887
SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter...
SQL injection
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified...
CVE-2013-6931
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929...
SQL injection
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php...
CVE-2013-7175
Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field...