Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql injection vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions prior to 1.0.19.20 or inject HTML in password recovery emai...
Grandstream Ucm6200 Firmware
1 EDB exploit
1 Metasploit module
1000
VMScore
CVE-2013-5945
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware prior to 1.08B44; DSR-150N with firmware prior to 1.05B64; DSR-250 and DSR-250N with firmware prior to 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware prior to 1.08B77 allow remote malici...
Dlink Dsr-150 Firmware
Dlink Dsr-150n Firmware
Dlink Dsr-250 Firmware
Dlink Dsr-250n Firmware
Dlink Dsr-500 Firmware
Dlink Dsr-500n Firmware
Dlink Dsr-1000 Firmware
Dlink Dsr-1000n Firmware
1 EDB exploit
1000
VMScore
CVE-2014-5091
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
Status2k Status2k
1 EDB exploit
1000
VMScore
CVE-2018-11138
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
Quest Kace System Management Appliance 8.0.318
1 EDB exploit
1000
VMScore
CVE-2018-9245
The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.
Ericssonlg Ipecs Nms A.1ac
1 EDB exploit
1000
VMScore
CVE-2018-6228
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an malicious user to execute SQL commands to upload and execute arbitrary code that may harm the target system.
Trendmicro Email Encryption Gateway 5.5
1 EDB exploit
1000
VMScore
CVE-2018-6229
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an malicious user to execute SQL commands to upload and execute arbitrary code that may harm the target system.
Trendmicro Email Encryption Gateway 5.5
1 EDB exploit
1000
VMScore
CVE-2018-6329
It exists that the Unitrends Backup (UB) prior to 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote malicious user to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
Unitrends Backup
1000
VMScore
CVE-2012-2576
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager prior to 5.1.2, SolarWinds Storage Profiler prior to 5.1.2, and SolarWinds Backup Profiler prior to 5.1.2 allows remote malicious users to execute arbitrary SQL commands via the loginName field.
Solarwinds Backup Profiler
Solarwinds Storage Profiler
Solarwinds Storage Manager
1 EDB exploit
1000
VMScore
CVE-2015-2845
The cpanel function in go_site.php in GoAutoDial GoAdmin CE prior to 3.3-1421902800 allows remote malicious users to execute arbitrary commands via the $type portion of the PATH_INFO.
Goautodial Goadmin Ce 3.0
Goautodial Goadmin Ce 3.3
2 EDB exploits
3 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »