Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6566 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php. | |||||
| CVE-2007-6518 | 1 Woltlab | 1 Burning Board Lite | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters. | |||||
| CVE-2007-6467 | 1 Mkportal | 1 Mkportal | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action. | |||||
| CVE-2007-6498 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp. | |||||
| CVE-2007-6491 | 1 Kvaliitti | 1 Webdoc Cms | 2018-10-15 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp. | |||||
| CVE-2007-6517 | 1 Aeries | 1 Aeries Browser Interface | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6338 | 1 Trivantis | 1 Coursemill Enterprise Learning Management System | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6342 | 1 David Castro | 1 Apache Authcas | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie. | |||||
| CVE-2007-6375 | 1 Bitweaver | 1 Bitweaver | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue. | |||||
| CVE-2007-6362 | 1 Joomla | 1 Rs Gallery2 | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action. | |||||
| CVE-2007-6318 | 1 Wordpress | 1 Wordpress | 2018-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character. | |||||
| CVE-2007-6366 | 1 Sinecms | 1 Sinecms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators. | |||||
| CVE-2007-6272 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component. | |||||
| CVE-2007-6311 | 1 Falt4 Cms | 1 Falt4 Extreme Rc4 | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter. | |||||
| CVE-2007-6217 | 1 Irola | 1 My-time | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6240 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter. | |||||
| CVE-2007-6158 | 1 Proverbs | 1 Proverbs Web Calendar | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php. | |||||
| CVE-2007-6143 | 1 Vu | 1 Case Manager | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2007-6159 | 1 Tilde | 1 Tilde Cms | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500. | |||||
| CVE-2007-6163 | 1 Gouae | 1 Dwd Realty | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6138 | 1 Vu | 1 Mass Mailer | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6164 | 1 Eurologon | 1 Eurologon Cms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php. | |||||
| CVE-2007-6091 | 1 Jiro | 1 Banner System | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field. | |||||
| CVE-2007-6106 | 1 Alstrasoft | 1 E-friends | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action. | |||||
| CVE-2007-6058 | 1 Profilecms | 1 Profilecms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module. | |||||
| CVE-2007-6083 | 1 Icebb | 1 Icebb | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | |||||
| CVE-2007-6014 | 1 Beehive Forum | 1 Beehive Forum | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter. | |||||
| CVE-2007-5991 | 1 Exo | 1 Exophpdesk | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action. | |||||
| CVE-2007-5978 | 1 Xoops | 1 Mylinks Module | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
| CVE-2007-6012 | 1 Gatesoft | 1 Docusafe | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5975 | 1 Torrentstrike | 1 Torrentstrike | 2018-10-15 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5916 | 1 Phphelpdesk | 1 Phphelpdesk | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login page in phphelpdesk 0.6.16 allows remote attackers to execute arbitrary SQL commands via unspecified parameters related to the "login procedures." | |||||
| CVE-2007-5766 | 1 Oracle | 1 E-business Suite | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure. | |||||
| CVE-2007-5704 | 1 Codewidgets | 1 Online Event Registration Template | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp. | |||||
| CVE-2007-5688 | 3 Invision Power Services, Phpbb, Sebflipper | 3 Invision Power Board, Phpbb, Multi-forums Module | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters. | |||||
| CVE-2007-5678 | 1 Phpbasic | 1 Phpbasic | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Music module in phpBasic allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to the default URI. | |||||
| CVE-2007-5511 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain. | |||||
| CVE-2007-5508 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server. | |||||
| CVE-2007-5371 | 1 Modxcms | 1 Modxcms | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter. | |||||
| CVE-2007-5430 | 1 Scottmanktelow | 1 Stride Cms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem. | |||||
| CVE-2007-5372 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2018-10-15 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. | |||||
| CVE-2007-5220 | 1 Asp Product Catalog | 1 Asp Product Catalog | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters. | |||||
| CVE-2007-5189 | 1 X-script | 1 Guestbook | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. | |||||
| CVE-2007-5151 | 1 Nukescripts | 1 Nukesentinel | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie. | |||||
| CVE-2007-5150 | 1 Nukescripts | 1 Nukesentinel | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125. | |||||
| CVE-2007-5141 | 1 Sitex | 1 Sitex Cms | 2018-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2007-5131 | 1 Interspire | 1 Activekb Nx | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected. | |||||
| CVE-2007-4777 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778. | |||||
| CVE-2007-4918 | 1 Gelatocms | 1 Gelatocms | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php. | |||||
| CVE-2007-4881 | 1 Psi-labs | 1 Social Networking Script Psisns | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter. | |||||