Export limit exceeded: 18254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1506 | 1 Orangehrm | 1 Orangehrm | 2025-04-12 | N/A |
| SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2015-5504 | 1 Novalnet | 1 Novalnet Payment Module Ubercart- | 2025-04-12 | N/A |
| SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-2948 | 1 Bizagi | 1 Business Process Management Suite | 2025-04-12 | N/A |
| SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | ||||
| CVE-2012-4240 | 1 Group-office | 1 Groupoffice | 2025-04-12 | N/A |
| SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | ||||
| CVE-2015-6433 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | ||||
| CVE-2016-8904 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2016-8905 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. | ||||
| CVE-2016-8906 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2016-8907 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2016-8908 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2015-7299 | 1 Nintex | 3 K2 Blackpearl, K2 For Sharepoint, K2 Smartforms | 2025-04-12 | N/A |
| SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. | ||||
| CVE-2015-7319 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-04-12 | N/A |
| SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username. | ||||
| CVE-2015-7239 | 1 Sap | 1 Netweaver J2ee Engine | 2025-04-12 | N/A |
| SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-7235 | 1 Cp Reservation Calender Project | 1 Cp Reservation Calender | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. | ||||
| CVE-2015-8369 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | ||||
| CVE-2015-8377 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | ||||
| CVE-2016-0224 | 1 Ibm | 1 Marketing Platform | 2025-04-12 | N/A |
| SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-0233 | 1 Ibm | 1 Marketing Platform | 2025-04-12 | N/A |
| SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-0249 | 1 Ibm | 1 Security Guardium | 2025-04-12 | N/A |
| SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-1000115 | 1 Huge-it | 1 Portfolio Gallery Manager | 2025-04-12 | N/A |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | ||||