Total: 4188 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3053 | 1 Typo3 | 1 Sql Frontend Extension | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-3051 | 1 Typo3 | 1 Pinboard Extension | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-3044 | 1 Typo3 | 1 News Calendar Extension | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-3039 | 1 Typo3 | 1 Dam Frontend Extension | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-3038 | 1 Typo3 | 1 Address Directory | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-2999 | 1 Drupal | 2 Aggregation Module, Drupal | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-2925 | 1 Valarsoft | 1 Webmatic | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-2850 | 1 Drupal | 1 Trailscout Module | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API. | |||||
| CVE-2008-2819 | 1 Blognplus | 1 Blognplus | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-2775 | 1 Dt Centrepiece | 1 Dt Centrepiece | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2767 | 1 Xigla | 1 Absolute Poll Manager Xe | 2017-08-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2008-2765 | 1 Xigla | 1 Absolute Image Gallery Xe | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. | |||||
| CVE-2008-1890 | 2 Azrul, Joomla | 2 Jom Comment, Joomla | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1844 | 1 W2b | 1 Phphotresources | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cat.php in W2B phpHotResources allows remote attackers to execute arbitrary SQL commands via the kind parameter. | |||||
| CVE-2008-2380 | 1 Courier-mta | 1 Courtier-authlib | 2017-08-08 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes. | |||||
| CVE-2008-1843 | 1 W2b | 1 Dating Club | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action. | |||||
| CVE-2008-1841 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-08-08 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable. | |||||
| CVE-2008-1840 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-08-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload. | |||||
| CVE-2008-1632 | 1 Emedia Office Gmbh | 1 Cuteflow | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4) templateid to pages/edittemplate_step1.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1626 | 1 Eggblog | 1 Eggblog | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159. | |||||
| CVE-2008-1607 | 1 Serby Arslanhan | 1 Bomba Haber | 2017-08-08 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter. | |||||
| CVE-2008-1644 | 1 Savas Place | 1 Savas Link Manager | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1540 | 2 Joomla, Mambo | 2 Datsogallery, Datsogallery | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1486 | 1 Phorum | 1 Phorum | 2017-08-08 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search. | |||||
| CVE-2008-1354 | 1 Advanced Data Solutions | 1 Virtual Support Office Xp | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solutions Virtual Support Office-XP (VSO-XP) allows remote attackers to execute arbitrary SQL commands via the Issue_ID parameter. | |||||
| CVE-2008-2184 | 1 Toocharger | 1 Smartblog | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2130 | 1 Igaming | 1 Cms | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2038 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2017-08-08 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in admin/adminindex.php in Turnkey Web Tools SunShop Shopping Cart 4.1.0 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby and (2) sort parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2334 | 1 Aspindir | 1 Philboard | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) forumid parameter to (a) admin/philboard_admin-forumedit.asp, (b) admin/philboard_admin-forum.asp, and (c) W1L3D4_foruma_yeni_konu_ac.asp; the (2) id parameter to (d) W1L3D4_konuoku.asp and (e) W1L3D4_konuya_mesaj_yaz.asp; and the (3) topic parameter to W1L3D4_konuya_mesaj_yaz.asp, different vectors than CVE-2008-1939, CVE-2007-2641, and CVE-2007-0920. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2034 | 1 Wordpress | 1 Download Monitor Plugin | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2231 | 1 Slashcode.com | 1 Slash | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter. | |||||
| CVE-2008-0499 | 1 Mamboxchange | 1 Laithai | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-0856 | 1 E-vision | 1 E-vision Cms | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0918 | 2 Astats, Joomla | 2 Astatspro, Com Astatspro | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7231 | 1 Civica Software | 1 Civica | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6266 | 1 Bcoos | 1 Bcoos | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, different vectors than CVE-2007-5104. | |||||
| CVE-2007-6269 | 1 Xigla | 1 Absolute News Manager.net | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters. | |||||
| CVE-2007-6288 | 1 Tecnick.com | 1 Tcexam | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-6291 | 1 Xigla | 1 Absolute Banner Manager.net | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter. | |||||
| CVE-2007-6299 | 1 Drupal | 1 Drupal | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | |||||
| CVE-2007-6345 | 1 Aurora | 1 Aurora Framework | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6373 | 1 Gestdown | 1 Gestdown | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php. | |||||
| CVE-2007-6381 | 1 Typo3 | 1 Typo3 | 2017-08-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-6587 | 1 Plogger | 1 Plogger | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0026 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2017-08-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | |||||
| CVE-2008-0130 | 1 Instantsoftwares | 1 Dating Site | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0173 | 1 Gforge | 1 Gforge | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. | |||||
| CVE-2008-0281 | 1 Id-commerce | 1 Id-commerce | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter. | |||||
| CVE-2008-1220 | 1 Phpnuke | 1 4nchat | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0449 | 1 Rocksalt International | 1 Vp Asp | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
