Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-09-28 | CVE-2015-7382 | SQL Injection vulnerability in Refbase SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009. | 7.5 |
2015-09-28 | CVE-2015-6009 | SQL Injection vulnerability in Refbase Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382. | 7.5 |
2015-09-20 | CVE-2015-6548 | SQL Injection vulnerability in Symantec web Gateway Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 5.8 |
2015-09-20 | CVE-2014-9229 | SQL Injection vulnerability in Symantec Endpoint Protection Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | 6.5 |
2015-09-20 | CVE-2015-6299 | SQL Injection vulnerability in Cisco Unity Connection 9.1(1)/9.1(2) SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. | 6.5 |
2015-09-18 | CVE-2015-7239 | SQL Injection vulnerability in SAP Netweaver J2Ee Engine 7.40 SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2015-09-17 | CVE-2015-7235 | SQL Injection vulnerability in CP Reservation Calender Project CP Reservation Calender Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. | 7.5 |
2015-09-17 | CVE-2015-6962 | SQL Injection vulnerability in Teiko Farol SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. | 7.5 |
2015-09-16 | CVE-2015-6829 | SQL Injection vulnerability in Ciphercoin WP Limit Login Attempts 1.0/2.0 Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header. | 7.5 |
2015-09-15 | CVE-2015-6943 | SQL Injection vulnerability in S9Y Serendipity SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. | 6.0 |