Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE  CVE  VULNERABILITY TITLE  RISK

2016-03-18  CVE-2015-8153  SQL Injection vulnerability in Symantec Endpoint Protection Manager
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, symantec CWE-89, 8.8

2016-03-12  CVE-2015-7448  SQL Injection vulnerability in IBM products
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, ibm CWE-89, 5.4

2016-02-19  CVE-2016-1154  SQL Injection vulnerability in Cuore Ec-Cube Help Plugin
SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, cuore CWE-89, critical, 9.1

2016-02-16  CVE-2016-2386  SQL Injection vulnerability in SAP Netweaver Application Server Java 7.40
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
network, low complexity, sap CWE-89, critical, 9.8

2016-02-07  CVE-2016-1308  SQL Injection vulnerability in Samsung X14J Firmware Tms14Jakucb1102.5
SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.
network, low complexity, samsung CWE-89, 6.5

2016-01-27  CVE-2015-6319  SQL Injection vulnerability in multiple products
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
network, low complexity, cisco sun CWE-89, critical, 9.8

2016-01-15  CVE-2015-3947  SQL Injection vulnerability in Advantech Webaccess
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, advantech CWE-89, 8.1

2016-01-12  CVE-2015-8769  SQL Injection vulnerability in Joomla Joomla!
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, joomla CWE-89, 7.3

2016-01-08  CVE-2015-8261  SQL Injection vulnerability in Progress Whatsup Gold 16.3
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
network, low complexity, progress CWE-89, critical, 9.8

2016-01-08  CVE-2015-6433  SQL Injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225)
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
network, low complexity, cisco CWE-89, 6.5