13185 matches found
CVE-2012-5367
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to 1 viewCustomers, 2 viewPayGrades, or 3 viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site reques...
Sql injection
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to 1 viewCustomers, 2 viewPayGrades, or 3 viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site reques...
Sql injection
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-5367
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to 1 viewCustomers, 2 viewPayGrades, or 3 viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site reques...
CVE-2012-4479
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-6039
SQL injection vulnerability in viewcomments.php in YABSoft Advanced Image Hosting AIH Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter...
CVE-2012-2086
SQL injection vulnerability in the getlastconversationlines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter...
Sql injection
SQL injection vulnerability in the getlastconversationlines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter...
CVE-2012-2086
CVE-2012-2086: A SQL injection vulnerability exists in Gajim’s get_last_conversation_lines (common/logger.py) prior to 0.15, allowing remote attackers to execute arbitrary SQL commands through the jig parameter. This is documented across multiple sources (OSV/OSVDB/NVD mirrors and Gentoo GLSA ref...
CVE-2012-2086
SQL injection vulnerability in the getlastconversationlines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter...
CVE-2012-4941
Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-4941
Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-5909
SQL injection vulnerability in admin/modules/user/users.php in MyBB aka MyBulletinBoard 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditionsusergroup parameter in a search action to admin/index.php...
CVE-2012-5900
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the 1 OBID parameter in a single action to admin/action/objects.php, 2 AREAID parameter in a single action to admin/action/areas.php, or 3 start parameter in a show action...
CVE-2012-5894
SQL injection vulnerability in havapost.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter...
Sql injection
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the 1 OBID parameter in a single action to admin/action/objects.php, 2 AREAID parameter in a single action to admin/action/areas.php, or 3 start parameter in a show action...
Sql injection
SQL injection vulnerability in havapost.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter...
Sql injection
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter...