Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2016-10-13 CVE-2016-8564 SQL Injection vulnerability in Siemens Automation License Manager 5.3
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
network
low complexity
siemens CWE-89
6.5
6.5
2016-10-06 CVE-2016-1000217 SQL Injection vulnerability in Zotpress Project Zotpress 6.1.2
Zotpress plugin for WordPress SQLi in zp_get_account()
network
low complexity
zotpress-project CWE-89
critical
 9.8
9.8
2016-10-06 CVE-2016-1000125 SQL Injection vulnerability in Huge-It Catalog 1.0.7
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
network
low complexity
huge-it CWE-89
critical
 9.8
9.8
2016-10-06 CVE-2016-1000124 SQL Injection vulnerability in Huge-It Portfolio Gallery 1.0.6
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
network
low complexity
huge-it CWE-89
critical
 9.8
9.8
2016-10-06 CVE-2016-1000123 SQL Injection vulnerability in Huge-It Video Gallery 1.0.9
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
network
low complexity
huge-it CWE-89
critical
 9.8
9.8
2016-10-06 CVE-2016-1000113 SQL Injection vulnerability in Huge-It Gallery 1.1.5
XSS and SQLi in huge IT gallery v1.1.5 for Joomla
network
low complexity
huge-it CWE-89
critical
 9.8
9.8
2016-10-06 CVE-2016-1000000 SQL Injection vulnerability in Progress Whatsup Gold
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
network
low complexity
progress CWE-89
8.8
8.8
2016-10-06 CVE-2015-1000011 SQL Injection vulnerability in Dukapress Project Dukapress 2.5.9
Blind SQL Injection in wordpress plugin dukapress v2.5.9
network
low complexity
dukapress-project CWE-89
critical
 9.8
9.8
2016-10-06 CVE-2015-1000003 SQL Injection vulnerability in Filedownload Project Filedownload 1.4
Blind SQL Injection in filedownload v1.4 wordpress plugin
network
low complexity
filedownload-project CWE-89
critical
 9.8
9.8
2016-10-05 CVE-2016-6652 SQL Injection vulnerability in Pivotal Software Spring Data JPA 1.10.2
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
network
high complexity
pivotal-software CWE-89
5.6
5.6