Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2014-11-06 | CVE-2014-8664 | SQL Injection vulnerability in SAP Environment Health and Safety | SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | sap, CWE-89 | network, low complexity, 7.5 |
| 2014-11-06 | CVE-2014-8663 | SQL Injection vulnerability in SAP Netweaver Business Warehouse | SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | sap, CWE-89 | network, low complexity, 7.5 |
| 2014-11-06 | CVE-2014-8351 | SQL Injection vulnerability in French National Commission ON Informatics and Liberty Cookieviz 1.0 | SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter. | | 7.5 |
| 2014-11-06 | CVE-2014-7959 | SQL Injection vulnerability in Ait-Pro Bulletproof Security | SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter. | ait-pro, CWE-89 | network, low complexity, 6.5 |
| 2014-11-04 | CVE-2014-8588 | SQL Injection vulnerability in SAP Hana 1.00.60.379371 | SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | sap, CWE-89 | network, low complexity, 7.5 |
| 2014-11-04 | CVE-2014-8586 | SQL Injection vulnerability in CP Multi View Event Calendar Project CP Multi View Event Calendar 1.0.1 | SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | | 7.5 |
| 2014-11-04 | CVE-2014-8339 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. | nuevolab, clip-share, CWE-89 | network, low complexity, 7.5 |
| 2014-11-04 | CVE-2014-7176 | SQL Injection vulnerability in Enalean Tuleap | SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. | enalean, CWE-89 | network, low complexity, 6.5 |
| 2014-11-04 | CVE-2014-5387 | SQL Injection vulnerability in multiple products | Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php. | ellislab, expressionengine, CWE-89 | network, low complexity, 6.5 |
| 2014-10-31 | CVE-2014-3366 | SQL Injection vulnerability in Cisco Unified Communications Manager | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | cisco, CWE-89 | network, low complexity, 6.5 |