CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-89

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-5109 89 Exec Code Sql 2014-07-28 2014-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
2 CVE-2014-5104 89 Exec Code Sql 2014-07-28 2014-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
3 CVE-2014-5102 89 Exec Code Sql 2014-07-25 2014-07-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.
4 CVE-2014-5017 89 Exec Code Sql 2014-07-21 2014-07-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter.
5 CVE-2014-4977 89 Exec Code Sql 2014-07-16 2014-07-16
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.
6 CVE-2014-4960 89 1 Exec Code Sql 2014-07-21 2014-07-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.
7 CVE-2014-4944 89 Exec Code Sql 2014-07-14 2014-07-14
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
8 CVE-2014-4939 89 Exec Code Sql 2014-07-11 2014-07-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
9 CVE-2014-4938 89 Exec Code Sql 2014-07-11 2014-07-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.
10 CVE-2014-4858 89 Exec Code Sql 2014-07-26 2014-07-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
11 CVE-2014-4852 89 Exec Code Sql 2014-07-10 2014-07-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.
12 CVE-2014-4850 89 Exec Code Sql 2014-07-10 2014-07-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter.
13 CVE-2014-4741 89 Exec Code Sql 2014-07-09 2014-07-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
14 CVE-2014-4736 89 Exec Code Sql 2014-07-24 2014-07-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
15 CVE-2014-4649 89 Exec Code Sql 2014-06-28 2014-06-30
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.
16 CVE-2014-4644 89 1 Exec Code Sql 2014-06-25 2014-07-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
17 CVE-2014-4307 89 Exec Code Sql 2014-06-18 2014-06-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
18 CVE-2014-4305 89 Exec Code Sql 2014-06-18 2014-06-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
19 CVE-2014-4194 89 Exec Code Sql 2014-07-09 2014-07-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action.
20 CVE-2014-4034 89 1 Exec Code Sql 2014-06-11 2014-06-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
21 CVE-2014-4013 89 Exec Code Sql 2014-07-14 2014-07-14
4.9
None Local Network Medium Single system Partial Partial Partial
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
22 CVE-2014-3992 89 Exec Code Sql 2014-07-11 2014-07-11
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
23 CVE-2014-3973 89 Exec Code Sql 2014-06-05 2014-06-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
24 CVE-2014-3962 89 1 Exec Code Sql 2014-06-04 2014-06-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.
25 CVE-2014-3961 89 1 Exec Code Sql 2014-06-04 2014-06-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
26 CVE-2014-3937 89 Exec Code Sql 2014-06-02 2014-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
27 CVE-2014-3935 89 Exec Code Sql 2014-06-02 2014-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.
28 CVE-2014-3934 89 Exec Code Sql 2014-06-02 2014-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
29 CVE-2014-3932 89 Exec Code Sql 2014-06-02 2014-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
30 CVE-2014-3872 89 Exec Code Sql 2014-05-27 2014-05-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
31 CVE-2014-3871 89 1 Exec Code Sql 2014-05-27 2014-05-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.
32 CVE-2014-3857 89 1 Exec Code Sql 2014-07-03 2014-07-17
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.
33 CVE-2014-3810 89 Exec Code Sql 2014-06-19 2014-06-20
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
34 CVE-2014-3783 89 Exec Code Sql 2014-05-22 2014-05-29
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.
35 CVE-2014-3759 89 Exec Code Sql 2014-05-16 2014-05-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality.
36 CVE-2014-3757 89 Exec Code Sql 2014-05-15 2014-05-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.
37 CVE-2014-3749 89 Exec Code Sql 2014-05-20 2014-05-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp.
38 CVE-2014-3483 89 Exec Code Sql 2014-07-07 2014-07-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
39 CVE-2014-3482 89 Exec Code Sql 2014-07-07 2014-07-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
40 CVE-2014-3415 89 Exec Code Sql 2014-05-29 2014-05-30
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.
41 CVE-2014-3326 89 Exec Code Sql 2014-07-26 2014-07-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.
42 CVE-2014-3287 89 Exec Code Sql 2014-06-10 2014-06-18
4.0
None Remote Low Single system Partial None None
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.
43 CVE-2014-3275 89 Exec Code Sql 2014-05-25 2014-06-13
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.
44 CVE-2014-3246 89 1 Exec Code Sql 2014-05-13 2014-05-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
45 CVE-2014-3210 89 Exec Code Sql 2014-05-22 2014-06-27
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
46 CVE-2014-3138 89 1 Exec Code Sql 2014-05-01 2014-05-20
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.
47 CVE-2014-3055 89 Exec Code Sql 2014-07-29 2014-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
48 CVE-2014-2949 89 Exec Code Sql 2014-06-18 2014-06-21
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
49 CVE-2014-2948 89 Exec Code Sql 2014-05-22 2014-06-27
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request.
50 CVE-2014-2934 89 Exec Code Sql 2014-05-08 2014-07-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
Total number of vulnerabilities : 3789   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.