Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6142 | 1 China-on-site | 1 Flexphpic | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. | |||||
| CVE-2008-6146 | 1 Deluxebb | 1 Deluxebb | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989. | |||||
| CVE-2008-6151 | 1 Sepcity | 1 Shopping Mall | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-6152 | 1 Sepcity | 1 Faculty Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file. | |||||
| CVE-2008-6153 | 1 Jayeshp | 1 Pixel8 Web Photo Album | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter. | |||||
| CVE-2008-6154 | 1 Hispah | 1 Text Links Ads | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter. | |||||
| CVE-2008-6156 | 1 Formfields | 1 Adman | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter. | |||||
| CVE-2008-6163 | 1 Openx | 1 Openx | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter. | |||||
| CVE-2008-6165 | 1 Easy-script | 1 Cspartner | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters. | |||||
| CVE-2008-2457 | 1 Bitmixsoft | 1 Php-jokesite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-2456 | 1 Comicshout | 1 Comicshout | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ComicShout 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the comic_id parameter. | |||||
| CVE-2008-2455 | 1 E107coders | 1 E107 Blog Engine | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter. | |||||
| CVE-2008-2453 | 1 Phpclassifiedsscript | 1 Php Classifieds Script | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php. | |||||
| CVE-2008-3083 | 2 Brightcode, Joomla | 2 Brightcode Weblinks Module, Com Brightweblinks | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-3089 | 1 Xpoze | 1 Xpoze Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
| CVE-2008-2448 | 1 Aspindir | 1 Meto Forum | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp. | |||||
| CVE-2008-2447 | 1 Mytipper | 1 Zogo Shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-3118 | 1 Phpmotion | 1 Phpmotion | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter. | |||||
| CVE-2008-3119 | 1 Dreamlevels | 1 Dream Pics Builder | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in DreamPics Builder allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-2446 | 1 Wgcc | 1 Web Group Communication Center | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php. | |||||
| CVE-2008-3123 | 1 Mole Group | 1 Real Estate Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action. | |||||
| CVE-2008-3124 | 1 Mole Group | 1 Hotel Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter. | |||||
| CVE-2008-2444 | 1 Calogic | 1 Calogic Calendars | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter. | |||||
| CVE-2008-2443 | 1 Therealestatescript | 1 The Real Estate Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter. | |||||
| CVE-2008-2417 | 1 How2asp | 1 Webboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter. | |||||
| CVE-2008-3131 | 1 Powie | 1 Psys | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter. | |||||
| CVE-2008-3132 | 1 Joomla | 1 Com Beamospetition | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php. | |||||
| CVE-2008-3133 | 1 Barenuked | 1 Barenuked Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2008-3136 | 1 Ashopsoftware | 1 Ashop Deluxe | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-2416 | 1 Fichive | 1 Fichive | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter in a Fiction action, possibly related to sources/fiction.class.php. | |||||
| CVE-2008-3152 | 1 Orbitscripts | 2 Smartppc, Smartppc Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter. | |||||
| CVE-2008-3153 | 1 Tritoncms | 1 Triton Cms Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | |||||
| CVE-2008-3154 | 1 Webblizzard | 1 Content Management System | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-2395 | 1 Alkalinephp | 1 Alkalinephp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2394 | 1 Tagworx | 1 Tagworx Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php. | |||||
| CVE-2008-3191 | 1 Marcioforum | 1 Mforum | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action. | |||||
| CVE-2008-3193 | 1 Sclek | 1 Jsite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI. | |||||
| CVE-2008-3254 | 1 Precoc | 1 Precms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action. | |||||
| CVE-2008-3200 | 1 Easy-script | 1 Avlc Forum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action. | |||||
| CVE-2008-3204 | 1 E-topbiz | 1 Million Pixels | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter. | |||||
| CVE-2008-2393 | 1 Entertainmentscript | 1 Entertainmentscript | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2356 | 1 Archangelmgt | 1 Archangel Weblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter. | |||||
| CVE-2008-3213 | 1 Webcms | 1 Webcms Portal Edition | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3265 | 1 Joomla | 1 Com Dtregister | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php. | |||||
| CVE-2008-3238 | 1 Itechscripts | 1 Itechbids | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php. | |||||
| CVE-2008-3240 | 1 Alstrasoft | 1 Affiliate Network Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action. | |||||
| CVE-2008-3241 | 1 Ultrastats | 1 Ultrastats | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3245 | 1 Cable-modems | 1 Phphoo3 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter. | |||||
| CVE-2008-3250 | 1 Arctictracker | 1 Arctic Issue Tracker | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | |||||
| CVE-2008-3251 | 1 Tpl Design | 1 Tplsoccersite | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/. | |||||