Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0849 | 2 Joomla, Mambo | 2 Com Downloads, Com Downloads | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652. | |||||
| CVE-2008-0845 | 1 Wordpress | 1 Dean Logan Wp-people Plugin | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter. | |||||
| CVE-2008-0835 | 1 Simple Cms | 1 Simple Cms | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter. | |||||
| CVE-2008-0873 | 1 Jlmzone | 1 Classifieds | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action. | |||||
| CVE-2008-0920 | 1 Open Source Security Information Management | 1 Os-sim | 2018-10-15 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression. | |||||
| CVE-2008-0850 | 1 Dokeos | 1 Dokeos | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php. | |||||
| CVE-2008-0810 | 2 Joomla, Mambo | 2 Com Scheduling Component, Com Scheduling Component | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0816 | 1 Com Sg | 1 Com Sg | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task. | |||||
| CVE-2008-0874 | 1 Xoops | 1 Eempregos Module | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
| CVE-2008-0787 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-15 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php. | |||||
| CVE-2008-0785 | 1 Cacti | 1 Cacti | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login. | |||||
| CVE-2008-0817 | 2 Joomla, Mambo | 2 Com Filebase Component, Com Filebase Component | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. | |||||
| CVE-2008-0789 | 1 Li-scripts | 1 Li-countdown | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter. | |||||
| CVE-2008-0771 | 1 Site2nite | 1 Real Estate Web | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0762 | 1 Joomla | 1 Com Iomezun | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the com_iomezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. | |||||
| CVE-2008-0753 | 1 Vwar | 1 Virtual War | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter. | |||||
| CVE-2008-0754 | 1 Joomla | 1 Com Rapidrecipe | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) 1.6.5 component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a viewcategorysrecipes action. | |||||
| CVE-2008-0750 | 1 Husrev | 1 Blackboard | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoard 2.0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2008-0744 | 1 Preprojects.com | 1 Pre Hotels \& Resorts Management System | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user_login.asp in PreProjects.com Pre Hotels & Resorts Management System allows remote attackers to execute arbitrary SQL commands via the login page. | |||||
| CVE-2008-0737 | 1 Shoppingtree | 1 Candypress Store | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter. | |||||
| CVE-2008-0675 | 1 The Everything Development Company | 1 The Everything Development Engine | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the node_id parameter. | |||||
| CVE-2008-0681 | 1 Phpshop | 1 Phpshop | 2018-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action. | |||||
| CVE-2008-0733 | 1 Cs Team | 1 Counter Strike Portal | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page. | |||||
| CVE-2008-0546 | 1 Shoppingtree | 1 Candypress Store | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp. | |||||
| CVE-2008-0538 | 1 Phpip | 1 Phpip Management | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0543 | 1 Pre Projects | 1 Pre Dynamic Institution | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0469 | 1 Tiger Php News System | 1 Tiger Php News System | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action. | |||||
| CVE-2008-0487 | 1 The Net Guys | 1 Aspired2protect | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0451 | 1 Pacercms | 1 Pacercms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/. | |||||
| CVE-2008-0428 | 1 Bloofoxcms | 1 Bloofoxcms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php. | |||||
| CVE-2008-0422 | 1 Boastmachine | 1 Boastmachine | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0385 | 1 Urulu | 1 Urulu | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO. | |||||
| CVE-2008-0383 | 1 Mybb | 1 Mybb | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php. | |||||
| CVE-2008-0363 | 1 Clever Copy | 1 Clever Copy | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php. | |||||
| CVE-2008-0291 | 1 Hangzhou Rui-qiang | 1 Richstrong Cms | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-0301 | 1 Mapbender | 1 Mapbender | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors. | |||||
| CVE-2008-0288 | 1 Imagealbum | 1 Imagealbum | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action. | |||||
| CVE-2008-0267 | 1 Eticket | 1 Eticket | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php. | |||||
| CVE-2008-0280 | 1 Mtcms | 1 Mtcms | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter. | |||||
| CVE-2008-0253 | 1 Binn | 1 Sbuilder | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter. | |||||
| CVE-2008-0185 | 1 Netrisk | 1 Netrisk | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php). | |||||
| CVE-2008-0286 | 1 Article Dashboard | 1 Article Dashboard | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. | |||||
| CVE-2007-6671 | 1 Instantsoftwares | 1 Dating Site | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6559 | 1 Logaholic | 1 Logaholic | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php. | |||||
| CVE-2007-6538 | 2 Moodle, Mrbs | 2 Moodle, Mrbs | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6540 | 1 Neuron | 1 News | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/. | |||||
| CVE-2007-6544 | 1 Runcms | 1 Runcms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/. | |||||
| CVE-2007-6565 | 1 Blakord | 1 Blakord Portal | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component. | |||||
| CVE-2007-6658 | 1 Customcms | 1 Ccms | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page. | |||||
| CVE-2007-6634 | 1 Netbizcity | 1 Faqmasterflexplus | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php, and unspecified other vectors involving additional scripts. | |||||