Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions prior to 1.0.19.20 or inject HTML in password recovery emai...
Grandstream Ucm6200 Firmware
1 EDB exploit
1 Metasploit module
1000
VMScore
CVE-2013-5945
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware prior to 1.08B44; DSR-150N with firmware prior to 1.05B64; DSR-250 and DSR-250N with firmware prior to 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware prior to 1.08B77 allow remote malici...
Dlink Dsr-150 Firmware
Dlink Dsr-150n Firmware
Dlink Dsr-250 Firmware
Dlink Dsr-250n Firmware
Dlink Dsr-500 Firmware
Dlink Dsr-500n Firmware
Dlink Dsr-1000 Firmware
Dlink Dsr-1000n Firmware
1 EDB exploit
1000
VMScore
CVE-2014-5091
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
Status2k Status2k
1 EDB exploit
1000
VMScore
CVE-2018-11138
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
Quest Kace System Management Appliance 8.0.318
1 EDB exploit
1000
VMScore
CVE-2018-9245
The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.
Ericssonlg Ipecs Nms A.1ac
1 EDB exploit
1000
VMScore
CVE-2018-6228
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an malicious user to execute SQL commands to upload and execute arbitrary code that may harm the target system.
Trendmicro Email Encryption Gateway 5.5
1 EDB exploit
1000
VMScore
CVE-2018-6229
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an malicious user to execute SQL commands to upload and execute arbitrary code that may harm the target system.
Trendmicro Email Encryption Gateway 5.5
1 EDB exploit
1000
VMScore
CVE-2018-6329
It exists that the Unitrends Backup (UB) prior to 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote malicious user to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
Unitrends Backup
1000
VMScore
CVE-2012-2576
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager prior to 5.1.2, SolarWinds Storage Profiler prior to 5.1.2, and SolarWinds Backup Profiler prior to 5.1.2 allows remote malicious users to execute arbitrary SQL commands via the loginName field.
Solarwinds Backup Profiler
Solarwinds Storage Profiler
Solarwinds Storage Manager
1 EDB exploit
1000
VMScore
CVE-2015-9098
In Redgate SQL Monitor prior to 3.10 and 4.x prior to 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these ...
Red-gate Sql Monitor
Red-gate Sql Monitor 4.0
Red-gate Sql Monitor 4.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »