13185 matches found
CVE-2012-0747
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database CCMDB, allows remote authenticated users to execute...
Sql injection
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database CCMDB, allows remote authenticated users to execute arbitrary S...
Sql injection
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database CCMDB, allows remote authenticated users to execute...
Sql injection
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 togroup parameter to group.php or 2 id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565...
CVE-2012-2115
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter...
CVE-2012-1911
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 togroup parameter to group.php or 2 id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565...
CVE-2012-2740
SQL injection vulnerability in publichtml/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action...
Sql injection
SQL injection vulnerability in publichtml/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action...
CVE-2011-4448
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the defaultcommentdisplay parameter in an update action...
Sql injection
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activitywidgetfilter action...
CVE-2012-2109
The CVE-2012-2109 entry relates to a SQL injection in the BuddyPress WordPress plugin (1.5.x before 1.5.5) triggered via the page parameter in an activity_widget_filter action. Affected component is BuddyPress plugin for WordPress; root cause is unsafely constructed SQL from user-controllable inp...
CVE-2012-2109
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activitywidgetfilter action...
Sql injection
SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/withdb/loaddetails.php in EGroupware Enterprise Line EPL before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in e107admin/usersextended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the userfield parameter...
CVE-2011-5145
Multiple SQL injection vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 seldomainid or 2 action parameter to obm.php; 3 tfuser parameter in a search action to group/groupindex.php; 4...
CVE-2011-5140
Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the 1 start parameter to a tags.php, b list.php, c index.php, d mainindex.php, e viewpost.php, f archive.php, g control/approvecomments.php, h...
Sql injection
Multiple SQL injection vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 seldomainid or 2 action parameter to obm.php; 3 tfuser parameter in a search action to group/groupindex.php; 4...
Sql injection
Multiple SQL injection vulnerabilities in tForum b0.915 allow remote attackers to execute arbitrary SQL commands via the 1 TopicID parameter to viewtopic.php, the 2 BoardID parameter to viewboard.php, or 3 CatID parameter to viewcat.php...
Sql injection
Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the 1 start parameter to a tags.php, b list.php, c index.php, d mainindex.php, e viewpost.php, f archive.php, g control/approvecomments.php, h...
Sql injection
SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter...