Export limit exceeded: 18907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3287 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337. | ||||
| CVE-2014-3326 | 1 Cisco | 1 Security Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957. | ||||
| CVE-2014-3336 | 1 Cisco | 1 Unity Connection | 2025-04-12 | N/A |
| SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. | ||||
| CVE-2014-3339 | 1 Cisco | 2 Unified Communications Domain Manager, Unified Presence Server | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. | ||||
| CVE-2014-3366 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | ||||
| CVE-2014-3382 | 1 Cisco | 1 Asa | 2025-04-12 | N/A |
| The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. | ||||
| CVE-2014-3415 | 1 Sharetronix | 1 Sharetronix | 2025-04-12 | N/A |
| SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group. | ||||
| CVE-2014-3446 | 1 Bss | 1 Continuity Cms | 2025-04-12 | N/A |
| SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter. | ||||
| CVE-2014-3482 | 2 Redhat, Rubyonrails | 3 Rhel Software Collections, Rails, Ruby On Rails | 2025-04-12 | N/A |
| SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. | ||||
| CVE-2014-10038 | 1 Domphp | 1 Domphp | 2025-04-12 | N/A |
| SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. | ||||
| CVE-2014-3704 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. | ||||
| CVE-2014-3749 | 1 Construtiva | 1 Cis Manager Cms | 2025-04-12 | N/A |
| SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp. | ||||
| CVE-2014-3759 | 1 Karlen Walter | 1 Si Bibtex | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality. | ||||
| CVE-2014-3773 | 1 Teampass | 1 Teampass | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/. | ||||
| CVE-2014-3783 | 1 Dotclear | 1 Dotclear | 2025-04-12 | N/A |
| SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter. | ||||
| CVE-2014-4313 | 1 Epicor | 1 Epicor Procurement | 2025-04-12 | N/A |
| SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field. | ||||
| CVE-2016-8908 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2016-8907 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2014-0137 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists. | ||||
| CVE-2013-7406 | 1 Mrbs Project | 1 Mrbs | 2025-04-12 | N/A |
| SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||