Total
18979 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4669 | 1 Xceedium | 1 Xsuite | 2025-04-20 | N/A |
| The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | ||||
| CVE-2015-5533 | 1 Count Per Day Project | 1 Count Per Day | 2025-04-20 | N/A |
| SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2016-9728 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | N/A |
| IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543. | ||||
| CVE-2015-8334 | 1 Huawei | 2 Vcn500, Vcn500 Firmware | 2025-04-20 | N/A |
| SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | ||||
| CVE-2016-4337 | 1 Ktools | 1 Photostore | 2025-04-20 | N/A |
| SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. | ||||
| CVE-2016-7789 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | ||||
| CVE-2016-8025 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | N/A |
| SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. | ||||
| CVE-2017-11386 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | N/A |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549. | ||||
| CVE-2016-0769 | 1 Elfden | 1 Eshop Plugin | 2025-04-20 | N/A |
| Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter. | ||||
| CVE-2017-14601 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-20 | N/A |
| Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | ||||
| CVE-2017-14125 | 1 Wpdevart | 1 Responsive Image Gallery Gallery Album | 2025-04-20 | N/A |
| SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | ||||
| CVE-2017-15969 | 1 Pilotgroup | 1 Allsharevideo | 2025-04-20 | N/A |
| PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. | ||||
| CVE-2017-15971 | 1 Softdatepro | 1 Same Date Pro | 2025-04-20 | 9.8 Critical |
| Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972. | ||||
| CVE-2017-17576 | 1 Gigs Script Project | 1 Gigs Script | 2025-04-20 | 9.8 Critical |
| FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. | ||||
| CVE-2017-17580 | 1 Linkedin Clone Project | 1 Linkedin Clone | 2025-04-20 | 9.8 Critical |
| FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. | ||||
| CVE-2017-17589 | 1 Thumbtack Clone Project | 1 Thumbtack Clone | 2025-04-20 | 9.8 Critical |
| FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. | ||||
| CVE-2017-17598 | 1 Affiliate Mlm Script Project | 1 Affiliate Mlm Script | 2025-04-20 | N/A |
| Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. | ||||
| CVE-2017-17614 | 1 Hotel Restaurant Reviews And Feedback Script Project | 1 Hotel Restaurant Reviews And Feedback Script | 2025-04-20 | N/A |
| Food Order Script 1.0 has SQL Injection via the /list city parameter. | ||||
| CVE-2016-10134 | 1 Zabbix | 1 Zabbix | 2025-04-20 | N/A |
| SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. | ||||
| CVE-2016-9993 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | ||||