Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2029 | 1 Minibb | 1 Minibb | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php. | |||||
| CVE-2008-2023 | 1 Pd9 Software | 1 Megabbs | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp. | |||||
| CVE-2008-2013 | 1 Pnflashgames | 1 Pnflashgames | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action. | |||||
| CVE-2008-2012 | 1 Postnuke Software Foundation | 1 Postschedule | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action. | |||||
| CVE-2008-1982 | 1 Wordpress | 2 Wordpress, Wpss | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |||||
| CVE-2008-1975 | 1 Cogites | 1 E Reserve | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter. | |||||
| CVE-2008-1961 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action. | |||||
| CVE-2008-1957 | 1 Easyscripts | 1 Tr Script News | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode. | |||||
| CVE-2008-1954 | 1 Webcalendar | 1 Web Calendar Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2008-1939 | 1 Aspindir | 1 Philboard | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920. | |||||
| CVE-2008-1935 | 1 Joomla | 1 Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter. | |||||
| CVE-2008-1934 | 1 Crazy Goomba | 1 Crazy Goomba | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1919 | 1 Yourfreeworld | 1 Apartment Search Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
| CVE-2008-1918 | 1 Php-fusion | 1 Php-fusion | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected. | |||||
| CVE-2008-1915 | 1 Devworx | 1 Blogworx | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1913 | 1 Lasernet Cms | 1 Lasernet Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action. | |||||
| CVE-2008-1911 | 1 1024 Cms | 1 1024 Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie. | |||||
| CVE-2008-1909 | 1 Chadha Software Technologies | 1 Phpkb Knowledge Base | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-1889 | 1 Xplodphp | 1 Autotutorials | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0490 | 1 Wordpress | 1 Wp Cal Plugin | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1875 | 1 Terong | 1 Advanced Web Photo Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter. | |||||
| CVE-2008-1121 | 1 Eazyportal | 1 Eazyportal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie. | |||||
| CVE-2008-1053 | 1 Phpnuke | 1 Kose Yazilari Module | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php. | |||||
| CVE-2008-1874 | 1 Xpoze | 1 Xpoze Pro | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter. | |||||
| CVE-2008-0801 | 3 Joomla, Mambo-foundation, Paxxgallery | 3 Joomla\!, Mambo, Com Paxxgallery | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter. | |||||
| CVE-2008-0468 | 1 Flinx | 1 Flinx | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0461 | 1 Francisco Burzi | 1 Php-nuke | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0453 | 1 Easysitenetwork | 1 Recipe Website Script | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | |||||
| CVE-2008-0447 | 1 Foojan | 1 Php Weblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter. | |||||
| CVE-2008-0446 | 1 Julian Pawlowski | 1 Lulieblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0800 | 1 Joomla | 1 Com Mcquiz | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action. | |||||
| CVE-2008-1872 | 1 Comdev | 1 Comdev News Publisher | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1871 | 1 Scriptsagent | 1 Links Directory | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-0799 | 2 Joomla, Mambo | 2 Com Quiz, Com Quiz | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action. | |||||
| CVE-2008-0430 | 1 360 Web Manager | 1 360 Web Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. | |||||
| CVE-2008-0429 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. | |||||
| CVE-2008-0424 | 1 Mooseguy Blog System | 1 Mgbs | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter. | |||||
| CVE-2008-1077 | 1 Mamboportal.com | 1 Simpleboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action. | |||||
| CVE-2008-1039 | 1 Porar | 1 Webboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter. | |||||
| CVE-2008-1870 | 1 Geek247 | 1 Pigmy-sql | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0421 | 1 Invision Power Services | 1 Invision Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. | |||||
| CVE-2008-0601 | 1 All Club Cms | 1 All Club Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-0796 | 1 Nuboard | 1 Nuboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter. | |||||
| CVE-2008-1869 | 1 Site Sift Media | 1 Site Sift Listings | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific. | |||||
| CVE-2008-0795 | 3 Joomla, Mambo, Mgfi | 3 Joomla, Mambo, Xfaq | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | |||||
| CVE-2008-1867 | 1 Pixel Motion | 1 Pixel Motion Blog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php. | |||||
| CVE-2008-1864 | 1 Prozilla | 1 Prozilla Freelancers | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter. | |||||
| CVE-2008-0776 | 1 Itechscripts | 1 Itechbids | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||||
| CVE-2008-0939 | 1 Wordpress | 1 Photo Album Plugin | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5449 | 1 Softbiz | 1 Recipes Portal Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. | |||||