Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3034 | 1 Rss Aggregator | 1 Rss Aggregator | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php. | |||||
| CVE-2008-2968 | 1 Yektaweb | 1 Academic Web Tools | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||||
| CVE-2008-2916 | 1 Preprojects | 1 Pre Ads Portal | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to showcategory.php and the (2) id parameter to software-description.php. | |||||
| CVE-2008-2917 | 1 Preprojects | 1 E-smart Cart | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in productsofcat.asp in E-SMART CART allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2008-2914 | 1 Preprojects | 1 Php Jobwebsite Pro | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2862 | 1 Elinestudio | 1 Site Composer | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp. | |||||
| CVE-2008-2781 | 1 Dzoic | 1 Handshakes | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action. | |||||
| CVE-2008-2701 | 1 Joomla | 1 Com Gameq | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php. | |||||
| CVE-2008-2669 | 1 Y-blog | 1 Yblog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php. | |||||
| CVE-2008-2652 | 1 Smeweb | 1 Smeweb | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters. | |||||
| CVE-2008-2670 | 1 Insanelysimple2 | 1 Isblog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889. | |||||
| CVE-2008-2671 | 1 Dcfm Blog | 1 Dcfm Blog | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2642 | 1 Kmrg-itb | 1 Otomigenx | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2633 | 1 Joomla | 2 Com Joomradio, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php. | |||||
| CVE-2008-2572 | 1 Theflashblog | 1 Flashblog | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter. | |||||
| CVE-2008-2565 | 1 Php-address Book | 1 Php-address Book | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected. | |||||
| CVE-2008-2554 | 1 Bp Blog | 1 Bp Blog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp. | |||||
| CVE-2008-2510 | 1 Wordpress | 1 Upload File Plugin | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter. | |||||
| CVE-2008-2492 | 1 Badongo | 1 Campus Bulletin Board | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp. | |||||
| CVE-2008-2491 | 1 Hotscripts | 1 Ablespace | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-2479 | 1 Badongo | 1 Phpfix | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php. | |||||
| CVE-2008-2509 | 1 Excuse Online | 1 Excuse Online | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter. | |||||
| CVE-2008-2454 | 1 Joomla | 1 Com Xsstream-dm | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php. | |||||
| CVE-2008-2428 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action. | |||||
| CVE-2008-2411 | 1 Sazcart | 1 Sazcart | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action. | |||||
| CVE-2008-2460 | 1 Vbulletin | 1 Vbulletin | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action. | |||||
| CVE-2008-2339 | 1 Turnkeywebtools | 1 Sunshop Shopping Cart | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549. | |||||
| CVE-2008-2286 | 1 Symantec | 1 Altiris Deployment Solution | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet. | |||||
| CVE-2008-2301 | 1 Phpway | 1 Kostenloses Linkmanagementscript | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php. | |||||
| CVE-2008-2205 | 1 Maianscriptworld | 1 Maian Music | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. | |||||
| CVE-2008-2203 | 1 Maianscriptworld | 1 Maian Search | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | |||||
| CVE-2008-2208 | 1 Maianscriptworld | 1 Maian Greeting | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | |||||
| CVE-2008-2189 | 1 Anserv | 1 Auction Xl | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-2190 | 1 Romedchim International Srl | 1 Online Rent Property Script | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected. | |||||
| CVE-2008-2135 | 1 Visualshapers | 1 Ezcontents | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php. | |||||
| CVE-2008-2191 | 1 Postnuke Software Foundation | 1 Pnencyclopedia | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php. | |||||
| CVE-2008-2118 | 1 Project Alumni | 1 Project Alumni | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2096 | 1 Backlinkspider | 1 Backlink Spider | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php. | |||||
| CVE-2008-2087 | 1 Softbiz | 1 Web Hosting Directory Script | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817. | |||||
| CVE-2008-2094 | 1 Xoops | 1 Article Module | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2067 | 1 Minibb | 1 Minibb | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable. | |||||
| CVE-2008-2083 | 1 Prozilla | 1 Hosting Index | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-2036 | 1 Dream4 | 1 Koobi | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action. | |||||
| CVE-2008-1990 | 1 Acidcat | 1 Acidcat Cms | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp. | |||||
| CVE-2008-1936 | 1 Classifieds Caffe | 1 Classifieds Caffe | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. NOTE: this issue might be site-specific. | |||||
| CVE-2008-1968 | 1 Cezannesw | 1 Cezanne | 2018-10-11 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp. | |||||
| CVE-2008-1895 | 1 Carboncommunities | 1 Carbon Communities | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action. | |||||
| CVE-2008-1921 | 1 5th Avenue Software | 1 5th Avenue Shopping Cart | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in store_pages/category_list.php in 5th Avenue Shopping Cart 1.2 trial edition allows remote attackers to execute arbitrary SQL commands via the category_ID parameter. | |||||
| CVE-2008-1733 | 2 Joomla, Pragmaticutopia | 2 Joomla, Com Puarcade | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php. | |||||
| CVE-2008-1699 | 1 Desiquintans | 1 Writers Block Cms | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter. | |||||