Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5973 | 1 Jportal | 1 Jportal Web Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
| CVE-2007-5974 | 1 Jportal | 1 Jportal Web Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. | |||||
| CVE-2007-5992 | 1 Datecomm | 1 Social Networking Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page. | |||||
| CVE-2007-5996 | 1 Softbizscripts | 1 Link Directory Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449. | |||||
| CVE-2007-5997 | 1 Softbizscripts | 1 Banner Exchange Network Script | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-5998 | 1 Softbizscripts | 1 Ad Management Plus Script | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter. | |||||
| CVE-2007-5999 | 1 Softbizscripts | 1 Softbiz Auctions Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6004 | 1 Toko | 1 Instan | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action. | |||||
| CVE-2007-6078 | 1 Skyportal | 1 Skyportal | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action. | |||||
| CVE-2007-6080 | 1 Bcoos | 1 Bcoos | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected. | |||||
| CVE-2007-6084 | 1 Hotscripts | 1 Clone Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6125 | 1 Softbiz | 1 Freelancers Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. | |||||
| CVE-2007-6127 | 1 Project Alumni | 1 Project Alumni | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php. | |||||
| CVE-2007-6128 | 1 Flor De Utopia | 1 Workingonweb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter. | |||||
| CVE-2007-6202 | 1 Neocrome | 1 Seditio | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php. | |||||
| CVE-2007-6223 | 1 Phpbb | 1 Garage | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode. | |||||
| CVE-2007-6292 | 1 Mwopen | 1 E-commerce | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6391 | 1 Sh-news | 1 Sh-news | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6392 | 1 Dominion Web | 1 Dwdirectory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI. | |||||
| CVE-2007-6393 | 1 Ace Image Hosting Script | 1 Ace Image Hosting Script | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode. | |||||
| CVE-2007-6394 | 1 P3mbo | 1 Content Injector | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action. | |||||
| CVE-2007-6472 | 1 Phpmyrealty | 1 Phpmyrealty | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6458 | 1 My123tkshop | 1 E-commerce-suite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | |||||
| CVE-2007-6462 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds Premium Plus | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6466 | 1 Freewebshop | 1 Freewebshop | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected. | |||||
| CVE-2007-6543 | 1 Esyndicat | 1 Esyndicat Link Exchange | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6551 | 1 Mailmachinepro | 1 Mailmachine Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6556 | 1 Websihirbazi | 1 Websihirbazi | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp. | |||||
| CVE-2007-6557 | 1 Megacheatz | 1 Megacheatz | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors. | |||||
| CVE-2014-9229 | 1 Symantec | 1 Endpoint Protection | 2017-09-23 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | |||||
| CVE-2015-4634 | 1 Cacti | 1 Cacti | 2017-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | |||||
| CVE-2015-1491 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-21 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4700 | 1 Php | 1 Php | 2017-09-19 | 6.8 MEDIUM | N/A |
| The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. | |||||
| CVE-2009-4807 | 1 Graugon | 1 Php Article Publisher | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to view.php. | |||||
| CVE-2009-4855 | 1 Typo3 | 1 Typo3 | 2017-09-19 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core." | |||||
| CVE-2009-4862 | 1 Abushhab | 1 Alwasel | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php. | |||||
| CVE-2009-4870 | 1 Phpcityportal | 1 Phpcityportal | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4798 | 1 Diskos | 1 Diskos Cms | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature. | |||||
| CVE-2009-4883 | 1 Todd Rogers | 1 Phprecipebook | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action. | |||||
| CVE-2009-4872 | 1 Logoshows | 1 Logoshows Bbs | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||||
| CVE-2009-4871 | 1 Logoshows | 1 Logoshows Bbs | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2009-4860 | 1 Demarque | 1 Typing Pal | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter. | |||||
| CVE-2009-5094 | 1 Cmsfaethon | 1 Cms Faethon | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||||
| CVE-2009-5091 | 1 Vlinks | 1 Vlinks | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-5090 | 1 Daman371 | 1 Bloggeruniverse | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors. | |||||
| CVE-2009-5088 | 1 Ideacart | 1 Ideacart | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter. | |||||
| CVE-2009-4992 | 1 Script-shop24 | 1 Lm Starmail Paidmail | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2009-4985 | 1 Websitesrus | 1 Accessories Me Php Affiliate Script | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter. | |||||
| CVE-2009-4982 | 1 Irokez | 1 Irokez Cms | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI. | |||||
| CVE-2009-4973 | 1 Sweetphp | 1 Totalcalendar | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action. | |||||