Total
15142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-10035 | 1 Angular-test-reporter Project | 1 Angular-test-reporter | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715. | ||||
| CVE-2015-10034 | 1 Workout-organizer Project | 1 Workout-organizer | 2024-11-21 | 5.5 Medium |
| A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability. | ||||
| CVE-2015-10031 | 1 Github | 1 491-project | 2024-11-21 | 5.5 Medium |
| A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217648. | ||||
| CVE-2015-10026 | 1 Flairbot Project | 1 Flairbot | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerability affects unknown code of the file flair.py. The manipulation leads to sql injection. The patch is identified as 5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb. It is recommended to apply a patch to fix this issue. VDB-217618 is the identifier assigned to this vulnerability. | ||||
| CVE-2015-10022 | 1 Nlgis2 Project | 1 Nlgis2 | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in IISH nlgis2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file scripts/etl/custom_import.pl. The manipulation leads to sql injection. The identifier of the patch is 8bdb6fcf7209584eaf1232437f0f53e735b2b34c. It is recommended to apply a patch to fix this issue. The identifier VDB-217609 was assigned to this vulnerability. | ||||
| CVE-2015-10020 | 1 Cis450project Project | 1 Cis450project | 2024-11-21 | 5.5 Medium |
| A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is 39b495011437a105c7670e17e071f99195b4922e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218380. | ||||
| CVE-2015-10018 | 1 Weberp | 1 D2files | 2024-11-21 | 5.5 Medium |
| A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability. | ||||
| CVE-2015-10017 | 1 Hpi | 1 Prolod | 2024-11-21 | 5.5 Medium |
| A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vulnerability affects unknown code. The manipulation of the argument this leads to sql injection. The name of the patch is 3f710905458d49c77530bd3cbcd8960457566b73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217552. | ||||
| CVE-2015-10014 | 1 Uke Project | 1 Uke | 2024-11-21 | 5.5 Medium |
| A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The identifier of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. The identifier VDB-217485 was assigned to this vulnerability. | ||||
| CVE-2015-0270 | 1 Zend | 1 Framework | 2024-11-21 | 9.8 Critical |
| Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. | ||||
| CVE-2015-0244 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2024-11-21 | 9.8 Critical |
| PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. | ||||
| CVE-2014-9613 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 9.8 Critical |
| Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. | ||||
| CVE-2014-9612 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. | ||||
| CVE-2014-8941 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 9.8 Critical |
| Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. | ||||
| CVE-2014-8673 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 9.8 Critical |
| Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33. | ||||
| CVE-2014-8089 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | ||||
| CVE-2014-7257 | 1 Dbd\ | 1 \ | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in DBD::PgPP 0.05 and earlier | ||||
| CVE-2014-6045 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A |
| SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. | ||||
| CVE-2014-5140 | 1 Loadedcommerce | 1 Loaded7 | 2024-11-21 | 8.8 High |
| The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book. | ||||
| CVE-2014-5071 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username. | ||||