13185 matches found
CVE-2013-7262
CVE-2013-7262 affects MapServer before 6.4.1 in the msPostGISLayerSetTimeFilter function (mappostgis.c). When a WMS-Time service is in use, a crafted PostGIS TIME filter can lead to remote SQL command execution, exposing SQL injection risk with partial confidentiality/in...
CVE-2013-7225
Multiple SQL injection vulnerabilities in app/controllers/homecontroller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature...
CVE-2013-6983
SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615...
CVE-2013-7242
SQL injection vulnerability in zp-core/zp-extensions/wordpressimport.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter...
CVE-2013-7232
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service...
CVE-2013-7232
Summary: CVE-2013-7232 is an SQL injection vulnerability in ESRI ArcGIS for Server up to version 10.2. The flaw allows remote attackers to execute arbitrary SQL commands via input to the map or feature service. Root cause involves unsanitized input being used in SQL queries exposed by the map/fea...
CVE-2013-6929
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input...
CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
CVE-2013-7216
Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (3) Password field to demo/classifieds/admin.asp...
SQL injection
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
CVE-2013-5409
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-7193
Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp...
CVE-2013-2627
SQL injection vulnerability in action.php in Leed Light Feed, possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...