Search Results (37605 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3962 1 Videos Tube Project 1 Videos Tube 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.
CVE-2014-2311 1 Modx 1 Modx Revolution 2025-04-12 N/A
SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-3978 1 Tomatocart 1 Tomatocart 2025-04-12 N/A
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.
CVE-2014-3992 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
CVE-2015-0286 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Jboss Core Services and 1 more 2025-04-12 N/A
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
CVE-2014-9519 1 Infinitewp 1 Infinitewp 2025-04-12 N/A
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.
CVE-2014-9520 1 Infinitewp 1 Infinitewp 2025-04-12 N/A
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.
CVE-2014-8367 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-8363 1 Wordpress Spreadsheet Project 1 Wordpress Spreadsheet 2025-04-12 N/A
SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
CVE-2014-8995 1 Maarch 1 Letterbox 2025-04-12 N/A
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
CVE-2014-8351 1 French National Commission On Informatics And Liberty 1 Cookieviz 2025-04-12 N/A
SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter.
CVE-2013-3478 1 Apptha 1 Video Gallery Plugin 2025-04-12 N/A
SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php.
CVE-2014-9573 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.
CVE-2014-8306 1 C97 1 Cart Engine 2025-04-12 N/A
SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
CVE-2014-4617 3 Debian, Gnupg, Opensuse 3 Debian Linux, Gnupg, Opensuse 2025-04-12 N/A
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
CVE-2014-8295 1 Bacula 1 Bacula-web 2025-04-12 N/A
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
CVE-2014-4649 1 Piwigo 1 Piwigo 2025-04-12 N/A
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.
CVE-2013-3081 1 Jojocms 1 Jojo-cms 2025-04-12 N/A
SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.
CVE-2014-4852 1 Thedigitalcraft 1 Atomcms 2025-04-12 N/A
SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2014-4858 1 Sabreairlinesolutions 5 Crew Management, Crew Operations, Crew Planning and 2 more 2025-04-12 N/A
Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.