Total
14524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10969 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. | |||||
| CVE-2018-10915 | 4 Canonical, Debian, Postgresql and 1 more | 9 Ubuntu Linux, Debian Linux, Postgresql and 6 more | 2024-11-21 | 6.0 MEDIUM | 8.5 HIGH |
| A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. | |||||
| CVE-2018-10759 | 1 Projectpier | 1 Projectpier | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. | |||||
| CVE-2018-10757 | 1 Csp Mysql User Manager Project | 1 Csp Mysql User Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. | |||||
| CVE-2018-10738 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. | |||||
| CVE-2018-10737 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | |||||
| CVE-2018-10736 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. | |||||
| CVE-2018-10735 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | |||||
| CVE-2018-10595 | 1 Bd | 6 Database Manager, Inoqula\+, Kiestra Tla and 3 more | 2024-11-21 | 4.9 MEDIUM | 6.3 MEDIUM |
| A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. | |||||
| CVE-2018-10593 | 1 Bd | 6 Database Manager, Inoqula\+, Kiestra Tla and 3 more | 2024-11-21 | 3.8 LOW | 5.6 MEDIUM |
| A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. | |||||
| CVE-2018-10466 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. | |||||
| CVE-2018-10356 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-10353 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-10352 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-10351 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-10350 | 2 Linux, Trendmicro | 2 Linux Kernel, Smart Protection Server | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability. | |||||
| CVE-2018-10284 | 1 Adaltech | 1 G-ticket | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter. | |||||
| CVE-2018-10283 | 1 Cliquemania | 1 Loja Virtual | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action. | |||||
| CVE-2018-10256 | 1 Hrsale Project | 1 Hrsale | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query. | |||||
| CVE-2018-10225 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| thinkphp 3.1.3 has SQL Injection via the index.php s parameter. | |||||