Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7153 | 1 Docebo | 1 Docebo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command. | |||||
| CVE-2008-6964 | 1 X7 Group | 1 X7 Chat | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2008-6991 | 1 Cmsbright | 1 Cmsbright | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter. | |||||
| CVE-2008-6941 | 1 Turnkeyforms | 1 Web Hosting Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2008-6950 | 1 Webhost-panel | 1 Bankoi Webhosting Control Panel | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. | |||||
| CVE-2008-6952 | 1 Cms.maury91 | 1 Maurycms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2008-7003 | 1 The-rat-cms | 1 The-rat-cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to execute arbitrary SQL commands via the (1) user_id and (2) password parameter. | |||||
| CVE-2008-6892 | 1 Peel | 1 Peel | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572. | |||||
| CVE-2008-6907 | 1 2532gigs | 1 2532gigs | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php. | |||||
| CVE-2008-6911 | 1 Brewblogger | 1 Brewblogger | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.inc.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6889 | 1 Activewebsoftwares | 1 Aspreferral | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter. | |||||
| CVE-2008-6917 | 1 Exoscripts | 1 Exophpdesk | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter). | |||||
| CVE-2008-6881 | 2 Joomla, Joompolitan | 2 Joomla\!, Com Livechat | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php. | |||||
| CVE-2008-6923 | 1 Joomla | 2 Com Content, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. | |||||
| CVE-2008-6883 | 2 Joomla, Joompolitan | 2 Joomla, Com Livechat | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7210 | 1 Ming Han | 1 Ajchat | 2017-09-29 | 7.5 HIGH | N/A |
| directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in AJChat. | |||||
| CVE-2008-6853 | 1 Netcat | 1 Netcat | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter. | |||||
| CVE-2008-6813 | 1 Surat Kabar | 1 Phpwebnews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter. | |||||
| CVE-2008-6851 | 1 Php Link Directory | 1 Php Link Directory | 2017-09-29 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-6852 | 2 Joomla, Markus Donhauser | 2 Joomla\!, Ice Gallery Component For Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2008-6867 | 1 Scripts For Sites | 1 Ez Career | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
| CVE-2008-6809 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter. | |||||
| CVE-2008-6810 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6805 | 1 Micgr | 1 Mic Blog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php. | |||||
| CVE-2008-6812 | 1 Surat Kabar | 1 Phpwebnews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter. | |||||
| CVE-2008-6808 | 1 Scripts-for-sites | 1 Ez Link Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ Link Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-6873 | 1 Activewebsoftwares | 1 Active Web Mail | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx. | |||||
| CVE-2008-6795 | 1 Niclor | 1 Vibro-school-cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter. | |||||
| CVE-2008-6794 | 1 Sfs Ez Pub | 1 Fsf Ex Pub | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-6245 | 1 Scripts-for-sites | 1 Ez Biz Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6429 | 2 Joomla, Mike Leeper | 2 Joomla, Com Prayercenter | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php. | |||||
| CVE-2008-6796 | 1 Preprojects | 1 Pre Real Estate Listings | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field). | |||||
| CVE-2009-0604 | 1 Php Director | 1 Php Director | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter. | |||||
| CVE-2009-0598 | 1 Phpmesfilms | 1 Phpmesfilms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6798 | 1 Preprojects | 1 Pre Real Estate Listings | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field). | |||||
| CVE-2008-6874 | 1 Aspsiteware | 1 Autodealer | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp. | |||||
| CVE-2009-0403 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2008-5289 | 1 Scripts4you | 1 Clean Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5292 | 1 Videogirls | 1 Videogirls Biz | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter. | |||||
| CVE-2008-5293 | 1 Bdigital Web Solutions | 1 Webstudio Ehotel | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | |||||
| CVE-2008-5294 | 1 Bdigital Web Solutions | 1 Webstudio Ecatalogue | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | |||||
| CVE-2008-4177 | 1 Preprojects | 1 Pre Real Estate Listings | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2008-4574 | 1 Aspindir | 1 Ayco Okul Portali | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | |||||
| CVE-2008-5269 | 1 Powie | 1 Psys | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter. | |||||
| CVE-2008-5270 | 1 Wareziz | 1 Yuhhu Superstar 2008 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter. | |||||
| CVE-2008-5295 | 1 Jamit Software | 1 Jamit Job Board | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 allows remote attackers to execute arbitrary SQL commands via the show_emp parameter. | |||||
| CVE-2008-5273 | 1 Toddwoolums | 1 Todd Woolums Asp News Management | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. | |||||
| CVE-2008-4620 | 1 Mrbs | 1 Mrbs | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php. | |||||
| CVE-2008-5223 | 1 Airvae | 1 Commerce | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2008-4469 | 1 Vastal I-tech | 1 Freelance Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter. | |||||