Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-11-20 | CVE-2014-9005 | SQL Injection vulnerability in VLD Interactive Vldpersonals Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php. | 7.5 |
2014-11-20 | CVE-2014-8999 | SQL Injection vulnerability in Xoops 2.5.6 SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | 6.5 |
2014-11-20 | CVE-2014-8995 | SQL Injection vulnerability in Maarch Letterbox 2.8 SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | 5.0 |
2014-11-17 | CVE-2014-8596 | SQL Injection vulnerability in PHP-Fusion 7.02.07 Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. | 7.5 |
2014-11-17 | CVE-2014-8499 | SQL Injection vulnerability in Manageengine Password Manager PRO Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. | 6.5 |
2014-11-17 | CVE-2014-8498 | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. | 6.5 |
2014-11-13 | CVE-2014-8554 | SQL Injection vulnerability in Mantisbt SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. | 7.5 |
2014-11-07 | CVE-2014-4627 | SQL Injection vulnerability in RSA web Threat Detection SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2014-11-06 | CVE-2014-6030 | SQL Injection vulnerability in Classapps Selectsurvey.Net 4.125.000 Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. | 6.5 |
2014-11-06 | CVE-2014-8668 | SQL Injection vulnerability in SAP Contract Accounting SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |