CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2014(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-8766 89 Exec Code Sql 2014-10-14 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php.
2 CVE-2014-8506 89 Exec Code Sql 2014-10-28 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php.
3 CVE-2014-8375 89 Exec Code Sql 2014-10-21 2015-08-06
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
4 CVE-2014-8366 89 Exec Code Sql 2014-10-20 2014-10-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php.
5 CVE-2014-8363 89 Exec Code Sql 2014-10-20 2014-10-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
6 CVE-2014-8306 89 Exec Code Sql 2014-10-16 2014-12-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
7 CVE-2014-8295 89 1 Exec Code Sql 2014-10-15 2014-10-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
8 CVE-2014-8294 89 Exec Code Sql 2014-10-15 2014-10-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password.
9 CVE-2014-7981 89 Exec Code Sql 2014-10-08 2014-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
10 CVE-2014-7201 89 Exec Code Sql 2014-10-10 2014-10-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.
11 CVE-2014-6295 89 Exec Code Sql 2014-10-03 2014-10-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
12 CVE-2014-6293 89 Exec Code Sql 2014-10-03 2014-10-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.
13 CVE-2014-6242 89 1 Exec Code Sql CSRF 2014-10-02 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
14 CVE-2014-5520 89 1 Exec Code Sql 2014-10-26 2014-10-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
15 CVE-2014-5503 89 Exec Code Sql 2014-10-07 2014-10-08
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.
16 CVE-2014-5389 89 Exec Code Sql 2014-10-06 2015-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php.
17 CVE-2014-5308 89 1 Exec Code Sql 2014-10-08 2014-10-09
9.0
None Remote Low Single system Complete Complete Complete
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
18 CVE-2014-5275 89 1 Exec Code Sql 2014-10-20 2017-09-07
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.
19 CVE-2014-4873 89 Exec Code Sql 2014-10-10 2015-09-10
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.
20 CVE-2014-4313 89 Exec Code Sql 2014-10-10 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field.
21 CVE-2014-3978 89 Exec Code Sql 2014-10-20 2014-10-24
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.
22 CVE-2014-3828 89 Exec Code Sql 2014-10-22 2019-07-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
23 CVE-2014-3704 89 4 Sql 2014-10-15 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
24 CVE-2014-3446 89 Exec Code Sql 2014-10-30 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.
25 CVE-2014-3382 89 DoS Sql 2014-10-10 2014-10-12
7.8
None Remote Low Not required None None Complete
The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027.
26 CVE-2014-3366 89 Exec Code Sql 2014-10-31 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
27 CVE-2014-2531 89 1 Exec Code Sql 2014-10-21 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.
28 CVE-2014-2081 89 Exec Code Sql 2014-10-20 2015-01-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
29 CVE-2014-2022 89 Exec Code Sql 2014-10-15 2015-08-13
7.1
None Remote High Single system Complete Complete Complete
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
30 CVE-2013-7406 89 Exec Code Sql 2014-10-21 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
31 CVE-2012-5865 89 Exec Code Sql 2014-10-20 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
32 CVE-2012-5701 89 Exec Code Sql CSRF 2014-10-20 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
33 CVE-2012-5695 352 Sql CSRF 2014-10-20 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.
34 CVE-2012-5694 89 Exec Code Sql 2014-10-20 2014-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/.
35 CVE-2012-5244 89 1 Exec Code Sql 2014-10-20 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
36 CVE-2012-0811 89 Exec Code Sql 2014-10-01 2014-10-02
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.
37 CVE-2003-1598 89 Exec Code Sql 2014-10-01 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
Total number of vulnerabilities : 37   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.