Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-07-08 | CVE-2015-5452 | SQL Injection vulnerability in Watchguard XCS 10.0/9.2 SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3. | 7.5 |
2015-07-08 | CVE-2015-2866 | SQL Injection vulnerability in Grandstream Gxv3611 HD Firmware SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. | 7.5 |
2015-07-07 | CVE-2015-2849 | SQL Injection vulnerability in Antlabs products SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter. | 7.5 |
2015-07-05 | CVE-2015-4129 | SQL Injection vulnerability in Intelliants Subrion CMS SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie. | 6.5 |
2015-07-02 | CVE-2015-4233 | SQL Injection vulnerability in Cisco Unified Meetingplace 8.6(1.2) SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037. | 6.5 |
2015-06-30 | CVE-2015-5148 | SQL Injection vulnerability in Livelycart 1.2.0 SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search. | 7.5 |
2015-06-28 | CVE-2015-5078 | SQL Injection vulnerability in Limesurvey 2.06+ SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter. | 6.5 |
2015-06-26 | CVE-2015-4222 | SQL Injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325. | 6.5 |
2015-06-22 | CVE-2015-4713 | SQL Injection vulnerability in Apphp Hotel Site SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | 6.5 |
2015-06-19 | CVE-2015-4678 | SQL Injection vulnerability in Persian CAR CMS Project Persian CAR CMS 1.0 SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. | 7.5 |