Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-15 | CVE-2015-7725 | SQL Injection vulnerability in SAP Hana 1.00.091.00 Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765. | 6.5 |
2015-10-12 | CVE-2015-6331 | SQL Injection vulnerability in Cisco Prime Collaboration Assurance 10.5.1 SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887. | 6.5 |
2015-10-12 | CVE-2015-6329 | SQL Injection vulnerability in Cisco Prime Collaboration Provisioning 10.6.0/11.0.0 SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. | 6.5 |
2015-10-11 | CVE-2015-5659 | SQL Injection vulnerability in Network Applied Communication Laboratory Shimane Prefecture CMS 2.0.0 SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-11 | CVE-2015-5648 | SQL Injection vulnerability in Loenshotel PHPrechnung SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-06 | CVE-2015-5642 | SQL Injection vulnerability in ICZ Matchasns Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-06 | CVE-2015-5641 | SQL Injection vulnerability in Basercms SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-10-06 | CVE-2015-4967 | SQL Injection vulnerability in IBM products SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2015-09-29 | CVE-2015-7319 | SQL Injection vulnerability in Codepeople Appointment Booking Calendar SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username. | 7.5 |
2015-09-28 | CVE-2015-5703 | SQL Injection vulnerability in Open-Xchange OX Guard Open-Xchange OX Guard SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |