Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-07-22 | CVE-2013-4882 | SQL Injection vulnerability in Mcafee Epolicy Orchestrator and Epolicy Orchestrator Agent Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140. | 6.5 |
2013-07-20 | CVE-2013-4870 | SQL Injection vulnerability in News Search Project News Search 0.1.0 SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-07-18 | CVE-2013-3412 | SQL Injection vulnerability in Cisco Unified Communications Manager SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. | 6.5 |
2013-07-18 | CVE-2013-3404 | SQL Injection vulnerability in Cisco Unified Communications Manager SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. | 7.5 |
2013-07-15 | CVE-2013-3578 | SQL Injection vulnerability in Wave products SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands. | 9.0 |
2013-07-15 | CVE-2013-3577 | SQL Injection vulnerability in Wave products SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field). | 7.5 |
2013-07-08 | CVE-2013-1613 | SQL Injection vulnerability in Symantec products SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 4.7 |
2013-07-03 | CVE-2013-0560 | SQL Injection vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2012-5766. | 6.5 |
2013-07-03 | CVE-2012-5766 | SQL Injection vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560. | 6.5 |
2013-07-01 | CVE-2013-4748 | SQL Injection vulnerability in Georg Ringer News SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |