Total
17351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3603 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | N/A |
| A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | ||||
| CVE-2018-3602 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | N/A |
| An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | ||||
| CVE-2018-2450 | 1 Sap | 1 Maxdb | 2024-11-21 | N/A |
| SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. | ||||
| CVE-2018-2447 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A |
| SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. | ||||
| CVE-2018-25088 | 1 Blueyonder | 1 Postgraas Server | 2024-11-21 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2. Affected is the function _create_pg_connection/create_postgres_db of the file postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py of the component PostgreSQL Backend Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 7cd8d016edc74a78af0d81c948bfafbcc93c937c. It is recommended to upgrade the affected component. VDB-234246 is the identifier assigned to this vulnerability. | ||||
| CVE-2018-25076 | 1 Events Project | 1 Events | 2024-11-21 | 5.5 Medium |
| A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The patch is named 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395. | ||||
| CVE-2018-25067 | 1 Joomgallery Project | 1 Joomgallery | 2024-11-21 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The identifier of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability. | ||||
| CVE-2018-25066 | 1 Nodebatis Project | 1 Nodebatis | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability. | ||||
| CVE-2018-25057 | 1 Mikebharris | 1 Simple Php Link Shortener | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in simple_php_link_shortener. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument $link["id"] leads to sql injection. The name of the patch is b26ac6480761635ed94ccb0222ba6b732de6e53f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216996. | ||||
| CVE-2018-21022 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | ||||
| CVE-2018-21021 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | ||||
| CVE-2018-21004 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | N/A |
| The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | ||||
| CVE-2018-21003 | 1 Themekraft | 1 Buddyforms | 2024-11-21 | N/A |
| The buddyforms plugin before 2.2.8 for WordPress has SQL injection. | ||||
| CVE-2018-20887 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | ||||
| CVE-2018-20779 | 1 Traq | 1 Traq | 2024-11-21 | N/A |
| Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | ||||
| CVE-2018-20770 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | N/A |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection. | ||||
| CVE-2018-20730 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component. | ||||
| CVE-2018-20719 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. | ||||
| CVE-2018-20716 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
| CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | ||||
| CVE-2018-20715 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | N/A |
| The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | ||||