Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6952 | 1 Cms.maury91 | 1 Maurycms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2008-6964 | 1 X7 Group | 1 X7 Chat | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2009-0299 | 1 Groonesworld | 1 Glinks | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-6923 | 1 Joomla | 2 Com Content, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. | |||||
| CVE-2008-6941 | 1 Turnkeyforms | 1 Web Hosting Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2008-6220 | 1 Cafuego | 1 Simple Document Management System | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter. | |||||
| CVE-2008-6950 | 1 Webhost-panel | 1 Bankoi Webhosting Control Panel | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. | |||||
| CVE-2008-7085 | 1 Thehockeystop | 1 Hockeystats Online | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php. | |||||
| CVE-2008-6881 | 2 Joomla, Joompolitan | 2 Joomla\!, Com Livechat | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php. | |||||
| CVE-2008-6883 | 2 Joomla, Joompolitan | 2 Joomla, Com Livechat | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6889 | 1 Activewebsoftwares | 1 Aspreferral | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter. | |||||
| CVE-2008-6874 | 1 Aspsiteware | 1 Autodealer | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp. | |||||
| CVE-2008-6892 | 1 Peel | 1 Peel | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572. | |||||
| CVE-2008-7210 | 1 Ming Han | 1 Ajchat | 2017-09-29 | 7.5 HIGH | N/A |
| directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in AJChat. | |||||
| CVE-2008-6867 | 1 Scripts For Sites | 1 Ez Career | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
| CVE-2008-6873 | 1 Activewebsoftwares | 1 Active Web Mail | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx. | |||||
| CVE-2008-6907 | 1 2532gigs | 1 2532gigs | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php. | |||||
| CVE-2008-6813 | 1 Surat Kabar | 1 Phpwebnews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter. | |||||
| CVE-2008-6851 | 1 Php Link Directory | 1 Php Link Directory | 2017-09-29 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-6812 | 1 Surat Kabar | 1 Phpwebnews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter. | |||||
| CVE-2008-6852 | 2 Joomla, Markus Donhauser | 2 Joomla\!, Ice Gallery Component For Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2008-6805 | 1 Micgr | 1 Mic Blog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php. | |||||
| CVE-2008-6808 | 1 Scripts-for-sites | 1 Ez Link Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ Link Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-6809 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter. | |||||
| CVE-2008-6810 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6853 | 1 Netcat | 1 Netcat | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter. | |||||
| CVE-2008-6798 | 1 Preprojects | 1 Pre Real Estate Listings | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field). | |||||
| CVE-2008-6911 | 1 Brewblogger | 1 Brewblogger | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.inc.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6788 | 1 Minddezign | 1 Photo Gallery | 2017-09-29 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php. | |||||
| CVE-2008-6787 | 1 Jeremy Powers | 1 Lizardware Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user. | |||||
| CVE-2008-6789 | 1 Minddezign | 1 Photo Gallery | 2017-09-29 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788. | |||||
| CVE-2008-6784 | 1 Scripts-for-sites | 1 Ez Adult Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-6794 | 1 Sfs Ez Pub | 1 Fsf Ex Pub | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-6213 | 1 Harlandscripts | 1 Pro Traffic One | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter. | |||||
| CVE-2008-6782 | 1 Scripts-for-sites | 1 Ez Hosting Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-6795 | 1 Niclor | 1 Vibro-school-cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter. | |||||
| CVE-2008-6210 | 1 Dream4 | 1 Koobi | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 allows remote attackers to execute arbitrary SQL commands via the img_id parameter in the gallerypic page. | |||||
| CVE-2008-6783 | 1 Scripts-for-sites | 1 Ez Home Business Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-6204 | 1 Supernet | 1 Supernet Shop | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp. | |||||
| CVE-2008-6216 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter. | |||||
| CVE-2008-6202 | 1 Jakob-persson | 1 Cobalt | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) urun.asp, (2) admin/bayi_listele.asp, (3) admin/urun_grup_listele.asp, and (4) admin/urun_listele.asp. | |||||
| CVE-2008-6197 | 1 Kwsphp | 2 Galerie Module, Kwsphp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the galerie module for KwsPHP 1.3.456 allows remote attackers to execute arbitrary SQL commands via the id_gal parameter in a gal action. | |||||
| CVE-2008-6198 | 1 Mybboard | 2 Custom Pages Plugin, Mybb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-6249 | 1 Gwm | 1 Galatolo Webmanager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6917 | 1 Exoscripts | 1 Exophpdesk | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter). | |||||
| CVE-2008-6209 | 1 Vastal | 1 Software Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-6330 | 1 Jaia Interactive | 1 Mytopix | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action. | |||||
| CVE-2008-6214 | 1 Harlandscripts | 1 Pro Traffic One | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6796 | 1 Preprojects | 1 Pre Real Estate Listings | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field). | |||||
| CVE-2008-6166 | 2 Jmds, Joomla | 2 Com Kbase, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php. | |||||