Vulnerabilities (CVE)

CWE filter: CWE-89

5692 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18982 1 Nuuo 1 Nuuo Cms 2019-10-09 6.5
In NUUO CMS, all versions 3.3 and prior, the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
CVE-2018-17542 2019-10-09 5.0
SQL injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request.
CVE-2018-16850 3 Postgresql, Canonical, Redhat 3 Postgresql, Ubuntu Linux, Enterprise Linux 2019-10-09 7.5
PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with...
CVE-2018-15755 1 Cloud Foundry 1 Cf-networking 2019-10-09 6.5
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal API endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue...
CVE-2018-15447 1 Cisco 1 Integrated Management Controller 2019-10-09 7.5
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of...
CVE-2018-15441 1 Cisco 1 Prime License Manager 2019-10-09 7.5
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL...
CVE-2018-14623 1 Theforeman 1 Katello 2019-10-09 4.0
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete...
CVE-2018-12470 1 Suse 1 Subscription Management Tool 2019-10-09 7.5
A SQL injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
CVE-2018-12464 2019-10-09 7.5
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to...
CVE-2018-11065 2019-10-09 4.0
The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to...
CVE-2018-10595 1 Bd 3 Database Manager, Performa, Reada 2019-10-09 4.9
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss...
CVE-2018-10593 1 Bd 3 Database Manager, Performa, Reada 2019-10-09 3.8
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor)...
CVE-2018-0404 1 Cisco 2 Rv180w Wireless-n Multifunction Vpn Router, Rv220w Wireless Network Security Firewall 2019-10-09 5.0
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL...
CVE-2018-0320 1 Cisco 2 Prime Collaboration, Prime Collaboration Provisioning 2019-10-09 7.5
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied...
CVE-2018-0120 1 Cisco 1 Unified Communications Manager 2019-10-09 4.0
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails...
CVE-2017-6757 1 Cisco 1 Unified Communications Manager 2019-10-09 6.5
A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to...
CVE-2017-6754 1 Cisco 1 Smart Net Total Care Collector Appliance 2019-10-09 4.0
A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow...
CVE-2017-3181 1 Tibco 7 Spotfire Analyst, Spotfire Client, Spotfire Connectors and 4 more 2019-10-09 7.5
Multiple TIBCO products are prone to multiple unspecified SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the...
CVE-2017-17659 1 Quest 1 Netvault Backup 2019-10-09 7.5
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of...
CVE-2017-17658 1 Quest 1 Netvault Backup 2019-10-09 7.5
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of...