Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0205 | 1 Wordcircle | 1 Wordcircle | 2018-10-19 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts. | |||||
| CVE-2006-0199 | 1 Mini-nuke | 1 Cms System | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | |||||
| CVE-2006-0192 | 1 Philip Loftin | 1 Aspsurvey | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. | |||||
| CVE-2006-0146 | 6 John Lim, Mantis, Mediabeez and 3 more | 6 Adodb, Mantis, Mediabeez and 3 more | 2018-10-19 | 7.5 HIGH | N/A |
| The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. | |||||
| CVE-2006-0123 | 1 Adn Forum | 1 Adn Forum | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors. | |||||
| CVE-2006-0074 | 1 Jevontech | 1 Phpenpals | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected. | |||||
| CVE-2005-4606 | 1 Webwiz | 4 Database Login, Journal, Site News and 1 more | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter. | |||||
| CVE-2005-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-19 | 6.5 MEDIUM | N/A |
| ** DISPUTED ** SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450. | |||||
| CVE-2005-4199 | 1 Mybb | 1 Mybb | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. | |||||
| CVE-2005-4195 | 2 Internet Scout, Internet Scout Project | 2 Scout Portal Toolkit, Scout Portal Toolkit | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0. | |||||
| CVE-2005-4011 | 1 Codewalkers | 1 Ltwcalendar | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3996 | 1 Zen-cart | 1 Zen Cart | 2018-10-19 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. | |||||
| CVE-2005-3984 | 1 Webcalendar | 1 Webcalendar | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949. | |||||
| CVE-2005-3952 | 1 Php Labs | 1 Top Auction | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0. | |||||
| CVE-2005-3365 | 1 Codeworx Technologies | 1 Dcp-portal | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11. | |||||
| CVE-2005-1487 | 1 Fishnet | 1 Fishcart | 2018-10-19 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable. | |||||
| CVE-2004-2746 | 1 Pensacola Web Designs | 1 Xtremeasp Photogallery | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2003-1340 | 1 Phpnuke | 1 Php-nuke | 2018-10-19 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279. | |||||
| CVE-2003-1533 | 1 Phppass | 1 Phppass | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. | |||||
| CVE-2003-1532 | 1 Julien Desaunay | 1 Phpmyshop | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters. | |||||
| CVE-2003-1530 | 1 Phpbb | 1 Phpbb | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter. | |||||
| CVE-2008-4715 | 1 Jpad Project | 1 Jpad | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. | |||||
| CVE-2006-3688 | 1 Francisco Charrua | 1 Photo-gallery | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3430 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. | |||||
| CVE-2006-3318 | 1 Spiffyjr | 1 Phpraid | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters. | |||||
| CVE-2006-3139 | 1 Vwar | 1 Virtual War | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters. | |||||
| CVE-2006-3064 | 1 Coppermine | 1 Coppermine Photo Gallery | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. | |||||
| CVE-2006-3048 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-2977 | 1 Mafia Moblog | 1 Mafia Moblog | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter. | |||||
| CVE-2006-2973 | 1 Php Lite | 1 Calendar Express | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c. | |||||
| CVE-2006-2416 | 1 E107 | 1 E107 | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. | |||||
| CVE-2006-2363 | 1 Limbo Cms | 1 Limbo Cms | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-2128 | 1 Deltascripts | 1 Pro Publish | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php. | |||||
| CVE-2006-2103 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 2.1 LOW | N/A |
| SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. | |||||
| CVE-2006-2090 | 1 Mysmartbb | 1 Mysmartbb | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters. | |||||
| CVE-2006-2268 | 1 Flexcustomer | 1 Flexcustomer | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected. | |||||
| CVE-2006-1978 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter. | |||||
| CVE-2006-1962 | 1 Pcpin | 1 Pcpin Chat | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php. | |||||
| CVE-2006-1871 | 1 Oracle | 1 Database Server | 2018-10-18 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06. | |||||
| CVE-2006-1676 | 1 Maxdev | 1 Md-pro | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP. | |||||
| CVE-2006-1423 | 1 Ubbcentral | 1 Ubb.threads | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter. | |||||
| CVE-2006-1330 | 1 Phpwebsite | 1 Phpwebsite | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. | |||||
| CVE-2006-1360 | 1 Musicbox | 1 Musicbox | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php. | |||||
| CVE-2006-1278 | 1 Upoint | 1 \@1 File Store | 2018-10-18 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2. | |||||
| CVE-2006-1018 | 1 Dci-designs | 1 Dawaween | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. | |||||
| CVE-2006-0959 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. | |||||
| CVE-2006-6747 | 1 Dreaxteam | 1 Xt-news | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. | |||||
| CVE-2006-6337 | 1 Aspindir | 1 Aspee Ziyaretci Defteri | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | |||||
| CVE-2006-6349 | 1 Pwp Technologies | 1 The Classified Ad System | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | |||||
| CVE-2006-6157 | 1 Michaelis Freunde | 1 Contentnow | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter. | |||||