13185 matches found
CVE-2013-3412
Cisco Unified Communications Manager (CUCM) is affected by a blind SQL injection vulnerability (CVE-2013-3412) in versions 7.1(x) through 9.1(2). The issue allows an authenticated, remote attacker to execute arbitrary SQL commands via unspecified vectors, potentially impacting confidentiality, in...
CVE-2013-3404
Cisco CUCM (7.1.x–9.1(1a)) is affected by a remote SQL injection vulnerability that allows an unauthenticated attacker to run arbitrary SQL via unspecified vectors and, via metadata, potentially reconstruct encrypted credentials. Exploitation can enable credential discovery and, in combination wi...
CVE-2013-3404
SQL injection vulnerability in Cisco Unified Communications Manager CUCM 7.1x through 9.11a allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051...
CVE-2013-3578
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server ERAS allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter aka the search field, leading to execution of operating-system...
Sql injection
SQL injection vulnerability in the management console aka Java console on the Symantec Security Information Manager SSIM appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-0560
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2012-5766...
CVE-2012-5766
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than...
CVE-2013-4748
SQL injection vulnerability in the News system news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the News system news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-6577
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-6577
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the metafeedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-4683
SQL injection vulnerability in the metafeedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-4634
SQL injection vulnerability in the jQuery autocomplete for indexedsearch rzautocomplete extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the jQuery autocomplete for indexedsearch rzautocomplete extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-4634
SQL injection vulnerability in the jQuery autocomplete for indexedsearch rzautocomplete extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
GLPI 0.83.8 SQL Injection Vulnerability
GLPI version 0.83.8 suffers from multiple error-based SQL injection vulnerabilities. Input passed via the POST parameter 'usersidassign' in '/ajax/ticketassigninformation.php' script, POST parameter 'filename' in '/front/document.form.php' script, and POST parameter 'table' in...
CVE-2013-3957
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors...