Total: 15170 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-0244 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2024-11-21 | 9.8 Critical |
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. | ||||
CVE-2014-9613 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 9.8 Critical |
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. | ||||
CVE-2014-9612 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. | ||||
CVE-2014-8941 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 9.8 Critical |
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. | ||||
CVE-2014-8673 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 9.8 Critical |
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning) before 1.33. | ||||
CVE-2014-8089 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | ||||
CVE-2014-7257 | 1 Dbd\ | 1 \ | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in DBD::PgPP 0.05 and earlier | ||||
CVE-2014-6045 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A |
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. | ||||
CVE-2014-5140 | 1 Loadedcommerce | 1 Loaded7 | 2024-11-21 | 8.8 High |
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book. | ||||
CVE-2014-5071 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username. | ||||
CVE-2014-4984 | 1 Dejavuprotech | 1 Crescendo - Sales Crm | 2024-11-21 | 9.8 Critical |
Déjà Vu Crescendo Sales CRM has remote SQL Injection | ||||
CVE-2014-4959 | 1 Google | 1 Android | 2024-11-21 | N/A |
**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method. | ||||
CVE-2014-4928 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | N/A |
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. | ||||
CVE-2014-3868 | 1 Zeuscart | 1 Zeuscart | 2024-11-21 | 8.8 High |
Multiple SQL injection vulnerabilities in ZeusCart 4.x. | ||||
CVE-2014-3719 | 1 Exlibrisgroup | 1 Aleph 500 | 2024-11-21 | 9.8 Critical |
Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter. | ||||
CVE-2014-3119 | 1 Web2project | 1 Web2project | 2024-11-21 | 8.8 High |
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php. | ||||
CVE-2014-2652 | 1 Unify | 1 Openscape Deployment Service | 2024-11-21 | N/A |
SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2014-1925 | 1 Koha | 1 Koha | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. | ||||
CVE-2014-1924 | 1 Koha | 1 Koha | 2024-11-21 | 9.8 Critical |
The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | ||||
CVE-2014-1634 | 1 Magento | 1 Advanced Newsletter | 2024-11-21 | 9.8 Critical |
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. |