Export limit exceeded: 18385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18385 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0199 | 1 Ibm | 1 Tivoli Provisioning Manager Express For Software Distribution | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file. | ||||
| CVE-2012-0805 | 2 Redhat, Sqlalchemy | 2 Enterprise Linux, Sqlalchemy | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function. | ||||
| CVE-2012-0905 | 1 Dev\!l\'s | 1 Dev\!l\'z Clanportal Gamebase Addon | 2025-04-11 | N/A |
| SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php. | ||||
| CVE-2012-0906 | 2 Dev\!l\'z, Mystarmedia | 2 Dev\!l\'z Clanportal, Moviebase Addon | 2025-04-11 | N/A |
| SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php. | ||||
| CVE-2012-0912 | 1 Stone-ware | 1 Webnetwork | 2025-04-11 | N/A |
| SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-0935 | 1 Aryadad | 1 Aryadad Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter. | ||||
| CVE-2012-0973 | 1 Osclass | 1 Osclass | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-0994 | 1 Zenphoto | 1 Zenphoto | 2025-04-11 | N/A |
| SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter. | ||||
| CVE-2012-0999 | 1 Lepton-cms | 1 Lepton | 2025-04-11 | N/A |
| SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter. | ||||
| CVE-2009-4860 | 1 Demarque | 1 Typing Pal | 2025-04-11 | N/A |
| SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter. | ||||
| CVE-2009-4933 | 1 Winterwebs | 1 Ezwebitor | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-1557 | 1 Parallels | 1 Parallels Plesk Panel | 2025-04-11 | N/A |
| SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. | ||||
| CVE-2012-1603 | 1 Nextbbs | 1 Nextbbs | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. | ||||
| CVE-2012-1626 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2025-04-11 | N/A |
| SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1638 | 2 Dominique Clause, Drupal | 2 Search Autocomplete, Drupal | 2025-04-11 | N/A |
| SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1656 | 2 Drupal, Wesjones | 2 Drupal, Multisite Search | 2025-04-11 | N/A |
| SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field. | ||||
| CVE-2012-1673 | 1 Ola Lasisi | 1 E-ticketing | 2025-04-11 | N/A |
| SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2009-4925 | 1 Creasito | 1 Creasito E-commerce Content Manager | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php. | ||||
| CVE-2012-1777 | 1 F5 | 1 Firepass | 2025-04-11 | N/A |
| SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. | ||||
| CVE-2012-1778 | 1 Createvision | 1 Createvision Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||