Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3319 | 1 Dimofinf | 1 Dawaween | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. | |||||
| CVE-2009-3042 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040. | |||||
| CVE-2009-3215 | 2 Joomla, Php-shop-system | 2 Joomla, Ixxo Cart | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. | |||||
| CVE-2009-3040 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php. | |||||
| CVE-2009-3532 | 2 Logrover, Microsoft | 2 Logrover, Windows | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2933 | 1 Piwigo | 1 Piwigo | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter. | |||||
| CVE-2009-2734 | 1 Achievo | 1 Achievo | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php. | |||||
| CVE-2009-2598 | 1 Onlinegrades | 1 Online Grades | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php. | |||||
| CVE-2009-2579 | 1 Cs-cart | 1 Cs-cart | 2018-10-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2. | |||||
| CVE-2009-2608 | 1 Chatelao | 1 Php Address Book | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565. | |||||
| CVE-2009-2451 | 1 Mim.infinix | 1 Infinix | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form. | |||||
| CVE-2009-2573 | 1 Bioscripts | 1 Minitwitter | 2018-10-10 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php. | |||||
| CVE-2009-2361 | 1 Osticket | 1 Osticket | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. | |||||
| CVE-2009-2359 | 1 Yasinkaplan | 1 Tekradius | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command. | |||||
| CVE-2009-2164 | 1 Kjtechforce | 1 Mailman | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php. | |||||
| CVE-2009-2157 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the delreport parameter to takedelreport.php; (12) the delreq parameter to takedelreq.php; (13) the clases parameter to takestaffmess.php; and (14) the warndisable parameter to takewarndisable.php; and allow remote attackers to execute arbitrary SQL commands via (15) the wherecatin parameter to browse.php, (16) the limit parameter to today.php, and (17) the where parameter to torrents-details.php. | |||||
| CVE-2009-2269 | 1 Phome Empire | 1 Phome Empire Cms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. | |||||
| CVE-2009-2290 | 2 Joomla, Kim Eckert | 2 Joomla\!, Com Bsadv | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. | |||||
| CVE-2009-2036 | 1 Geekbill | 1 Open Biller | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-2097 | 1 Zokisoft | 1 Zoki Catalog | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2354 | 1 Nulllogic | 1 Groupware | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-1910 | 1 Rafal Kucharski | 1 Rtwebalbum | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter. | |||||
| CVE-2009-2010 | 1 Haudenschilt | 1 Family Connections Cms | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter. | |||||
| CVE-2009-1843 | 1 Glenn Mcgurrin | 1 Flash Quiz | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php. | |||||
| CVE-2009-1766 | 1 Teozkr | 1 Lightopencms | 2018-10-10 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1778 | 1 Bigace | 1 Bigace Cms | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-1661 | 1 Anoldman | 1 Utopic | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | |||||
| CVE-2009-1500 | 1 Projectcms | 1 Projectcms | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter. | |||||
| CVE-2009-1480 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. | |||||
| CVE-2009-1468 | 1 Icewarp | 2 Email Server, Webmail Server | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query. | |||||
| CVE-2009-1584 | 1 R020 | 1 Tematres | 2018-10-10 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php. | |||||
| CVE-2009-1453 | 1 Anoochit Chalothorn | 1 Tiny Blogr | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1316 | 1 Abk-soft | 1 Ablespace | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php. | |||||
| CVE-2009-1027 | 1 Opencart | 1 Opencart | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2009-0851 | 1 Stewart Howe | 1 Celerbb | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php. | |||||
| CVE-2009-0882 | 1 Roman Bogorodskiy | 1 Nforum | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php. | |||||
| CVE-2009-0963 | 1 Xlinesoft | 1 Phprunner | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php. | |||||
| CVE-2009-0832 | 2 Ausimods, Php-fusion | 2 E-cart, Php-fusion | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter. | |||||
| CVE-2009-0825 | 1 Torben Sorensen | 1 Tinx\/cms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0730 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. | |||||
| CVE-2009-0741 | 1 Craftsilicon | 1 Banking\@home | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter. | |||||
| CVE-2009-0672 | 1 Ravenphpscripts | 1 Ravennuke | 2018-10-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php. | |||||
| CVE-2009-0727 | 1 Tony Iha Kazungu | 1 Taifajobs | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | |||||
| CVE-2009-0646 | 1 4site | 1 4site Cms | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml. | |||||
| CVE-2015-7682 | 1 Genetechsolutions | 1 Pie Register | 2018-10-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php. | |||||
| CVE-2015-7319 | 1 Codepeople | 1 Appointment Booking Calendar | 2018-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username. | |||||
| CVE-2015-5703 | 1 Open-xchange Ox Guard | 1 Open-xchange Ox Guard | 2018-10-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-4109 | 1 Usersultra | 1 Usersultra | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-4118 | 1 Ispconfig | 1 Ispconfig | 2018-10-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2. | |||||
| CVE-2015-4614 | 1 Easy2map Project | 1 Easy2map | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors. | |||||