Search Results (37607 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6331 1 Ibm 1 Algo One 2025-04-12 N/A
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6302.
CVE-2013-6311 1 Ibm 1 Marketing Platform 2025-04-12 N/A
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-6423 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-12 N/A
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.
CVE-2012-6643 1 Clip-bucket 1 Clipbucket 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information.
CVE-2014-4850 1 Foecms 1 Foecms 2025-04-12 N/A
SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter.
CVE-2014-9560 1 Softbb 1 Softbb 2025-04-12 N/A
SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter.
CVE-2015-1875 1 Palosanto 1 Elastix 2025-04-12 N/A
SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter.
CVE-2014-4939 1 Enl Newsletter Plugin Project 1 Enl-newsletter 2025-04-12 N/A
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
CVE-2015-2728 4 Mozilla, Novell, Oracle and 1 more 6 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.
CVE-2014-7814 1 Redhat 2 Cloudforms 3.1 Management Engine, Cloudforms Managementengine 2025-04-12 N/A
SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.
CVE-2014-3562 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2025-04-12 N/A
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
CVE-2014-5082 1 Sphider 1 Sphider 2025-04-12 N/A
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
CVE-2014-5089 1 Status2k 1 Status2k 2025-04-12 N/A
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
CVE-2016-4837 1 Ec-cube 1 Discount Coupon 2025-04-12 9.8 Critical
SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-5102 1 Vbulletin 1 Vbulletin 2025-04-12 N/A
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.
CVE-2014-2839 1 Dev4press 1 Gd Star Rating 2025-04-12 N/A
SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.
CVE-2013-7406 1 Mrbs Project 1 Mrbs 2025-04-12 N/A
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1867 2 Clusterlabs, Redhat 4 Pacemaker, Enterprise Linux, Enterprise Linux High Availability and 1 more 2025-04-12 N/A
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
CVE-2015-1369 1 Sequelize Project 1 Sequelize 2025-04-12 N/A
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2014-3565 4 Apple, Canonical, Net-snmp and 1 more 4 Mac Os X, Ubuntu Linux, Net-snmp and 1 more 2025-04-12 N/A
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.