Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3873 | 1 Openconstructor Project | 1 Openconstructor | 2012-12-28 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php. | |||||
| CVE-2012-6427 | 1 Carlosgavazzi | 2 Eos-box Photovoltaic Monitoring System, Eos-box Photovoltaic Monitoring System Firmware | 2012-12-24 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861. | |||||
| CVE-2011-5183 | 1 Bioinformatics | 1 Ordersys | 2012-12-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/. | |||||
| CVE-2011-4949 | 1 Egroupware | 2 Egroupware, Egroupware Enterprise Line | 2012-12-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-4232 | 1 Jamit | 1 Jamit Job Board | 2012-12-13 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection. | |||||
| CVE-2012-4971 | 1 Layton Technology | 1 Helpbox | 2012-12-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp. | |||||
| CVE-2012-5550 | 2 Carlos Carvalhar, Drupal | 2 Time Spent, Drupal | 2012-12-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-4479 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2012-12-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-6039 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2012-11-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter. | |||||
| CVE-2008-3070 | 1 Mybb | 1 Mybb | 2012-11-27 | 7.5 HIGH | N/A |
| Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. | |||||
| CVE-2012-4601 | 1 Tecnick | 1 Tcexam | 2012-11-26 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. | |||||
| CVE-2012-1815 | 1 Emerson | 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation | 2012-10-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4826 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2012-10-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-5317 | 1 Bigware | 1 Bigware Shop | 2012-10-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action. | |||||
| CVE-2007-3273 | 1 Fusetalk | 1 Fusetalk | 2012-10-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5960 | 1 Tribiq | 1 Tribiq Cms | 2012-10-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4246 | 1 Plogger | 1 Plogger | 2012-10-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. | |||||
| CVE-2006-4756 | 1 Accomplishtechnology | 1 Phpmydirectory | 2012-10-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2011-4959 | 1 Silverstripe | 1 Silverstripe | 2012-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-5063 | 1 Vwar | 1 Virtual War | 2012-10-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter. | |||||
| CVE-2011-4638 | 1 Spamtitan | 1 Webtitan | 2012-10-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php. | |||||
| CVE-2012-1603 | 1 Nextbbs | 1 Nextbbs | 2012-10-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. | |||||
| CVE-2012-0973 | 1 Osclass | 1 Osclass | 2012-09-26 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1638 | 2 Dominique Clause, Drupal | 2 Search Autocomplete, Drupal | 2012-09-21 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-3032 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2012-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. | |||||
| CVE-2011-4960 | 1 Silverstripe | 1 Silverstripe | 2012-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-5175 | 1 Bananadance | 1 Banana Dance | 2012-09-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2012-2740 | 1 Phplist | 1 Phplist | 2012-09-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. | |||||
| CVE-2012-4237 | 1 Tecnick | 1 Tcexam | 2012-09-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php. | |||||
| CVE-2012-2306 | 2 Drupal, Willem Van Der Plaat | 2 Drupal, Addressbook | 2012-09-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-4868 | 2 Joomla, Kunena | 2 Joomla\!, Kunena | 2012-09-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-4448 | 1 Wikkawiki | 1 Wikkawiki | 2012-09-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action. | |||||
| CVE-2012-4686 | 1 Vbulletin | 1 Vbulletin | 2012-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. | |||||
| CVE-2012-2324 | 1 Mybb | 1 Mybb | 2012-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP). | |||||
| CVE-2012-3477 | 1 Thomas Hunter | 1 Neoinvoice | 2012-08-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action. | |||||
| CVE-2012-4673 | 1 Thomas Hunter | 1 Neoinvoice | 2012-08-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477. | |||||
| CVE-2011-5113 | 2 Joomla, Techdeluge | 2 Joomla\!, Com Techfolio | 2012-08-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2011-5112 | 2 Blueflyingfish, Joomla | 2 Com Alameda, Joomla\! | 2012-08-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. | |||||
| CVE-2011-5116 | 1 Setseed | 1 Setseed Cms | 2012-08-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie. | |||||
| CVE-2012-2325 | 1 Mybb | 1 Mybb | 2012-08-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-2332 | 1 S9y | 1 Serendipity | 2012-08-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). | |||||
| CVE-2012-4258 | 1 Myrephp | 1 Myre Real Estate Software | 2012-08-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php. | |||||
| CVE-2012-4279 | 1 Rwcinc | 1 Free Realty | 2012-08-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php. | |||||
| CVE-2010-5096 | 2 Mybb, Mybboard | 2 Mybb, Mybb | 2012-08-14 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error." | |||||
| CVE-2012-3471 | 1 Ushahidi | 1 Ushahidi Platform | 2012-08-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id. | |||||
| CVE-2012-3469 | 1 Ushahidi | 1 Ushahidi Platform | 2012-08-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php. | |||||
| CVE-2012-3470 | 1 Ushahidi | 1 Ushahidi Platform | 2012-08-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions. | |||||
| CVE-2012-4070 | 1 Dir2web | 1 Dir2web | 2012-08-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php. | |||||
| CVE-2012-3468 | 1 Ushahidi | 1 Ushahidi Platform | 2012-08-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php. | |||||
| CVE-2012-3554 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2012-08-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||