Total: 15128 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-125040 | 1 Devnewsaggregator Project | 1 Devnewsaggregator | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sql injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484. | |||||
CVE-2014-125038 | 1 Is Projecto2 Project | 1 Is Projecto2 | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of the patch is aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217192. | |||||
CVE-2014-125037 | 1 License To Kill Project | 1 License To Kill | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The patch is named cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217191. | |||||
CVE-2014-125032 | 1 Go-with-me Project | 1 Go-with-me | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation leads to sql injection. The identifier of the patch is b92451e4f9e85e26cf493c95ea0a69e354c35df9. It is recommended to apply a patch to fix this issue. The identifier VDB-217177 was assigned to this vulnerability. | |||||
CVE-2014-125029 | 1 Paginationserviceprovider Project | 1 Paginationserviceprovider | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability. | |||||
CVE-2014-10387 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. | |||||
CVE-2014-10379 | 1 Duplicate Post Project | 1 Duplicate Post | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The duplicate-post plugin before 2.6 for WordPress has SQL injection. | |||||
CVE-2014-10376 | 1 Themeist | 1 I Recommend This | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. | |||||
CVE-2013-5945 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. | |||||
CVE-2013-5743 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | |||||
CVE-2013-4717 | 1 Otrs | 2 Otrs, Otrs Itsm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. | |||||
CVE-2013-3932 | 1 Jomres | 1 Jomres | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php. | |||||
CVE-2013-3638 | 1 Boonex | 1 Dolphin | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'. | |||||
CVE-2013-3000 | 1 Ibm | 1 Infosphere Data Replication Dashboard | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116. | |||||
CVE-2013-2745 | 2 Debian, Minidlna Project | 2 Debian Linux, Minidlna | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0. | |||||
CVE-2013-2738 | 1 Readymedia Project | 1 Readymedia | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
minidlna has SQL Injection that may allow retrieval of arbitrary files. | |||||
CVE-2013-2091 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. | |||||
CVE-2013-2018 | 1 Berkeley | 1 Boinc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-1401 | 1 Cardozatechnologies | 1 Wordpress Poll | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll. | |||||
CVE-2013-1400 | 1 Cardozatechnologies | 1 Wordpress Poll | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action. |