Export limit exceeded: 18925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18925 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6496 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 5 1, Openshift, 1.1 and 2 more | 2025-04-11 | N/A |
| SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. | ||||
| CVE-2012-6526 | 1 Vastal | 1 Freelance Zone | 2025-04-11 | N/A |
| SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter. | ||||
| CVE-2013-5318 | 1 Benjamin Arnaudetr | 1 Ginkgocms | 2025-04-11 | N/A |
| SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php. | ||||
| CVE-2012-5227 | 1 Peel | 1 Peel Shopping | 2025-04-11 | N/A |
| SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-5003 | 1 E-soft24 | 1 Banner Exchange Script | 2025-04-11 | N/A |
| SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. | ||||
| CVE-2012-4258 | 1 Myrephp | 1 Myre Real Estate Software | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php. | ||||
| CVE-2009-4965 | 2 Thomas Waggershauser, Typo3 | 2 Air Lexicon, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4955 | 2 Thomas Hempel, Typo3 | 2 Th Ultracards, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4949 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-4827 | 1 Hp | 2 Imc Service Operation Management Software Module, Intelligent Management Center | 2025-04-11 | N/A |
| SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664. | ||||
| CVE-2009-4947 | 1 Q2solutions | 1 Connx | 2025-04-11 | N/A |
| SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter. | ||||
| CVE-2009-4940 | 1 Zeuscart | 1 Zeuscart | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | ||||
| CVE-2009-4938 | 2 Joomla, Warphd | 2 Joomla\!, Com Jvideo | 2025-04-11 | N/A |
| SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. | ||||
| CVE-2010-1073 | 2 Joomla, Joshprakash | 2 Joomla\!, Com Jembed | 2025-04-11 | N/A |
| SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php. | ||||
| CVE-2013-3510 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component. | ||||
| CVE-2013-3527 | 1 Vanillaforums | 1 Vanilla | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest. | ||||
| CVE-2009-4936 | 1 Spirate | 1 Small Pirate | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. | ||||
| CVE-2009-4935 | 1 Esoftpro | 1 Online Guestbook Pro | 2025-04-11 | N/A |
| SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter. | ||||
| CVE-2013-1852 | 1 Kolja Schleich | 1 Leaguemanager | 2025-04-11 | N/A |
| SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php. | ||||
| CVE-2009-4933 | 1 Winterwebs | 1 Ezwebitor | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information. | ||||