Total
15593 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000044 | 1 Securityonion | 1 Squert | 2024-11-21 | N/A |
| Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0. | ||||
| CVE-2018-0685 | 1 Neo | 1 Debun Pop | 2024-11-21 | N/A |
| SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search. | ||||
| CVE-2018-0607 | 1 Cybozu | 1 Garoon | 2024-11-21 | N/A |
| SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2018-0606 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | N/A |
| SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2018-0530 | 1 Cybozu | 1 Garoon | 2024-11-21 | N/A |
| SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-9839 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
| Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). | ||||
| CVE-2017-9426 | 1 Facetag Project | 1 Facetag | 2024-11-21 | N/A |
| ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action. | ||||
| CVE-2017-7997 | 1 Gespage | 1 Gespage | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp. | ||||
| CVE-2017-7351 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | N/A |
| A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload. | ||||
| CVE-2017-5971 | 1 Newsbee Project | 1 Newsbee | 2024-11-21 | N/A |
| SQL injection vulnerability in NewsBee CMS allow remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2017-5814 | 1 Hp | 1 Network Automation | 2024-11-21 | N/A |
| A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | ||||
| CVE-2017-5812 | 1 Hp | 1 Network Automation | 2024-11-21 | N/A |
| A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | ||||
| CVE-2017-5810 | 1 Hp | 1 Network Automation | 2024-11-21 | N/A |
| A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | ||||
| CVE-2017-3181 | 1 Tibco | 7 Spotfire Analyst, Spotfire Client, Spotfire Connectors and 4 more | 2024-11-21 | N/A |
| Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client | ||||
| CVE-2017-20173 | 1 Contentmap Project | 1 Contentmap | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in AlexRed contentmap. It has been rated as critical. Affected by this issue is the function Load of the file contentmap.php. The manipulation of the argument contentid leads to sql injection. The name of the patch is dd265d23ff4abac97422835002c6a47f45ae2a66. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218492. | ||||
| CVE-2017-20172 | 1 Soundslike Project | 1 Soundslike | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. The patch is identified as 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability. | ||||
| CVE-2017-20171 | 1 Apersistence Project | 1 Apersistence | 2024-11-21 | 5.5 Medium |
| A vulnerability classified as critical has been found in PrivateSky apersistence. This affects an unknown part of the file db/sql/mysqlUtils.js. The manipulation leads to sql injection. The identifier of the patch is 954425f61634b556fe644837a592a5b8fcfca068. It is recommended to apply a patch to fix this issue. The identifier VDB-218457 was assigned to this vulnerability. | ||||
| CVE-2017-20169 | 1 Ton-masterserver Project | 1 Ton-masterserver | 2024-11-21 | 5.5 Medium |
| A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The patch is identified as 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability. | ||||
| CVE-2017-20163 | 1 Nview Project | 1 Nview | 2024-11-21 | 5.5 Medium |
| A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217516. | ||||
| CVE-2017-20150 | 1 Challenge Website Project | 1 Challenge Website | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in challenge website. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is f1644b1d3502e5aa5284f31ea80d2623817f4d42. It is recommended to apply a patch to fix this issue. The identifier VDB-216989 was assigned to this vulnerability. | ||||