Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-6559
Multiple SQL injection vulnerabilities in Logaholic prior to 2.0 RC8 allow remote malicious users to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.
Logaholic Logaholic 0
2 EDB exploits
NA
CVE-2013-4670
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance prior to 5.1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Symantec Web Gateway
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0.2
Symantec Web Gateway 5.0.3
Symantec Web Gateway 5.0.3.18
Symantec Web Gateway Appliance 8450 -
Symantec Web Gateway Appliance 8490 -
NA
CVE-2013-4672
The management console on the Symantec Web Gateway (SWG) appliance prior to 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.
Symantec Web Gateway
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0.2
Symantec Web Gateway 5.0.3
Symantec Web Gateway 5.0.3.18
Symantec Web Gateway Appliance 8450 -
Symantec Web Gateway Appliance 8490 -
NA
CVE-2009-4430
SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote malicious users to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.
Virtuemart Virtuemart 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-7538
A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform prior to 9.18 allows malicious users to execute arbitrary SQL commands.
Enalean Tuleap
1 EDB exploit
NA
CVE-2014-2081
Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua prior to 2013.2.4 and 2014.x prior to 2014.1.1 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter.
Iii Vtls-virtua 2013.2.3
Iii Vtls-virtua 2014.1.0
1 EDB exploit
9.8
CVSSv3
CVE-2015-3933
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS prior to 0.0.3-patch allow remote malicious users to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.
Metalgenix Genixcms
1 EDB exploit
9.8
CVSSv3
CVE-2018-18923
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
Abisoftgt Ticketly 1.0
1 EDB exploit
NA
CVE-2013-1617
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance prior to 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.
Symantec Web Gateway
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0.2
Symantec Web Gateway 5.0.3
Symantec Web Gateway 5.0.3.18
Symantec Web Gateway Appliance 8450 -
Symantec Web Gateway Appliance 8490 -
NA
CVE-2013-1668
The uploadFile function in upload/index.php in CosCMS prior to 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
Coscms Coscms
Coscms Coscms 1.3
Coscms Coscms 1.41
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »