Total
16419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41155 | 1 Enalean | 1 Tuleap | 2024-11-21 | 8.8 High |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7. | ||||
| CVE-2021-41154 | 1 Enalean | 1 Tuleap | 2024-11-21 | 8.8 High |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7. | ||||
| CVE-2021-41148 | 1 Enalean | 1 Tuleap | 2024-11-21 | 8.8 High |
| Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to its personal dashboard could execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. | ||||
| CVE-2021-41147 | 1 Enalean | 1 Tuleap | 2024-11-21 | 7.2 High |
| Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. | ||||
| CVE-2021-41081 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. | ||||
| CVE-2021-41080 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. | ||||
| CVE-2021-41075 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 9.8 Critical |
| The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. | ||||
| CVE-2021-41063 | 1 Xylem | 1 Aanderaa Geoview | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands. | ||||
| CVE-2021-40993 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 8.1 High |
| A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-40992 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-40961 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 8.8 High |
| CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. | ||||
| CVE-2021-40956 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 7.5 High |
| LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained. | ||||
| CVE-2021-40955 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 7.2 High |
| SQL injection exists in LaiKetui v3.5.0 the background administrator list. | ||||
| CVE-2021-40909 | 1 Php Crud Without Refresh\/reload Using Ajax And Datatables Tutorial Project | 1 Php Crud Without Refresh\/reload Using Ajax And Datatables Tutorial | 2024-11-21 | 9.6 Critical |
| Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud. | ||||
| CVE-2021-40908 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2021-40907 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. | ||||
| CVE-2021-40861 | 1 Genesys | 1 Intelligent Workload Distribution Manager | 2024-11-21 | 7.2 High |
| A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. | ||||
| CVE-2021-40860 | 1 Genesys | 1 Intelligent Workload Distribution Manager | 2024-11-21 | 7.2 High |
| A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. | ||||
| CVE-2021-40850 | 1 Tcman | 1 Gim | 2024-11-21 | 10 Critical |
| TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. | ||||
| CVE-2021-40842 | 1 Proofpoint | 1 Insider Threat Management Server | 2024-11-21 | 9.8 Critical |
| Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected. | ||||