Search Results (19864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0763 1 Commodityrentals 1 Vacation Rental Software 2025-04-11 N/A
SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action.
CVE-2010-2716 1 Rich Kavanagh 1 Psnews 2025-04-11 N/A
Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php.
CVE-2012-6496 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more 5 1, Openshift, 1.1 and 2 more 2025-04-11 N/A
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.
CVE-2012-6497 1 Rubyonrails 1 Rails 2025-04-11 N/A
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.
CVE-2012-6526 1 Vastal 1 Freelance Zone 2025-04-11 N/A
SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter.
CVE-2010-1009 2 Joachim-ruhs, Typo3 2 Educator, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1026 2 Mathon Nicolas, Typo3 2 Tmsw Cleandb, Typo3 2025-04-11 N/A
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-0140 1 Mcafee 1 Epolicy Orchestrator 2025-04-11 N/A
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.
CVE-2013-0135 1 Chatelao 1 Php Address Book 2025-04-11 N/A
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.
CVE-2010-1024 2 Chris Wederka, Typo3 2 Tgm Newsletter, Typo3 2025-04-11 N/A
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-0994 1 Zenphoto 1 Zenphoto 2025-04-11 N/A
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
CVE-2012-1225 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
CVE-2013-0451 1 Ibm 1 Maximo Asset Management 2025-04-11 N/A
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-0511 1 Ibm 1 Security Appscan 2025-04-11 N/A
Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
CVE-2012-1777 1 F5 1 Firepass 2025-04-11 N/A
SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.
CVE-2012-1784 1 Myjoblist 1 Myjoblist 2025-04-11 N/A
SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php.
CVE-2010-2847 2 Gonzalo Maser, Joomla 2 Com Artforms, Joomla\! 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
CVE-2013-4827 1 Hp 2 Imc Service Operation Management Software Module, Intelligent Management Center 2025-04-11 N/A
SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664.
CVE-2012-2007 1 Hp 1 Performance Insight 2025-04-11 N/A
SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1026 1 Johannes Ekberg 1 Xray Cms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.