Search Results (37556 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4827 1 Hp 2 Imc Service Operation Management Software Module, Intelligent Management Center 2025-04-11 N/A
SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664.
CVE-2014-1466 1 Csp Mysql User Manager Project 1 Csp Mysql User Manager 2025-04-11 N/A
SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page.
CVE-2014-1459 1 Doorgets 1 Doorgets Cms 2025-04-11 N/A
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVE-2010-3267 1 Ifdefined 1 Bugtracker.net 2025-04-11 N/A
Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information.
CVE-2011-2698 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.
CVE-2012-4673 1 Thomas Hunter 1 Neoinvoice 2025-04-11 N/A
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477.
CVE-2013-4386 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2025-04-11 N/A
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
CVE-2010-3924 1 Aimluck 1 Aipo 2025-04-11 N/A
SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-3929 1 Modxcms 1 Evolution 2025-04-11 N/A
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.
CVE-2012-4281 1 Itechscripts 1 Travelon Express 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.
CVE-2010-2721 1 Rightinpoint 1 Lyrics Engine 2025-04-11 N/A
SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action.
CVE-2012-4479 2 David Alkire, Drupal 2 Drag \& Drop Gallery, Drupal 2025-04-11 N/A
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4079 2 Opensuse, Wireshark 2 Opensuse, Wireshark 2025-04-11 N/A
The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet.
CVE-2013-4078 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2025-04-11 N/A
epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2012-4539 1 Xen 1 Xen 2025-04-11 N/A
Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."
CVE-2010-2357 1 Eicrasoft 1 Eicra Realestate Script 2025-04-11 N/A
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2299 1 Google 1 Chrome 2025-04-11 N/A
The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a "Type Confusion" issue.
CVE-2010-2141 1 Nitropowered 1 Nitro Web Gallery 2025-04-11 N/A
SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.
CVE-2012-3477 1 Thomas Hunter 1 Neoinvoice 2025-04-11 N/A
SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action.
CVE-2010-2134 1 Http-solution 1 Project Man 2025-04-11 N/A
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.