Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4851 | 1 Eclime | 1 Eclime | 2012-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php. | |||||
| CVE-2010-4838 | 2 Extensiondepot, Joomla | 2 Com Jsupport, Joomla\! | 2012-02-14 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. | |||||
| CVE-2011-4808 | 2 Joomla, Joomlaextensions | 2 Joomla\!, Com Hmcommunity | 2012-02-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. | |||||
| CVE-2011-4811 | 1 Bst | 1 Bestshoppro | 2012-02-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter. | |||||
| CVE-2011-4826 | 1 Autosectools | 1 V-cms | 2012-02-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4823 | 2 Extensionsforjoomla, Joomla | 2 Com Vikrealestate, Joomla\! | 2012-02-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php. | |||||
| CVE-2011-5076 | 1 Hudong | 1 Hdwiki | 2012-02-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4986 | 1 Cafuego | 1 Simple Document Management System | 2012-02-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter. | |||||
| CVE-2005-3877 | 1 Cafuego | 1 Simple Document Management System | 2012-02-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | |||||
| CVE-2011-5072 | 1 Sitracker | 1 Support Incident Tracker | 2012-02-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php. | |||||
| CVE-2011-5071 | 1 Sitracker | 1 Support Incident Tracker | 2012-02-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4215 | 1 Oneorzero | 1 Aims | 2012-01-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable. | |||||
| CVE-2012-0912 | 1 Stone-ware | 1 Webnetwork | 2012-01-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-5059 | 1 Cmscout | 1 Cmscout | 2012-01-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action. | |||||
| CVE-2011-5022 | 1 Pligg | 1 Pligg Cms | 2011-12-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter. | |||||
| CVE-2011-4829 | 2 Barter-sites, Joomla | 2 Com Listing, Joomla\! | 2011-12-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. | |||||
| CVE-2009-3820 | 2 Flagbit, Typo3 | 2 Fb Filebase, Typo3 | 2011-12-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-4671 | 2 Adrotateplugin, Wordpress | 2 Adrotate, Wordpress | 2011-12-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL). | |||||
| CVE-2011-4349 | 1 Freedesktop | 1 Colord | 2011-12-12 | 4.6 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id. | |||||
| CVE-2011-2917 | 1 Mambo-foundation | 1 Mambo | 2011-12-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. | |||||
| CVE-2006-5242 | 1 Etomite | 1 Etomite | 2011-12-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-5053 | 2 Joomla, Php-shop-system | 2 Joomla\!, Com Xobbix | 2011-11-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php. | |||||
| CVE-2010-5022 | 2 Harmistechnology, Joomla | 2 Com Jesubmit, Joomla\! | 2011-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | |||||
| CVE-2010-4997 | 1 Olykit | 1 Swoopo Clone 2010 | 2011-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action. | |||||
| CVE-2010-5004 | 1 2daybiz | 1 Polls Script | 2011-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2010-5019 | 1 2daybiz | 1 Online Classified Script | 2011-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter. | |||||
| CVE-2009-3418 | 1 Plume-cms | 1 Plume Cms | 2011-11-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4780 | 1 Enanocms | 1 Enano Cms | 2011-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4737 | 1 Hotwebscripts | 1 Hotweb Rentals | 2011-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter. | |||||
| CVE-2010-4782 | 1 Softwebsnepal | 1 Ananda Real Estate | 2011-09-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807. | |||||
| CVE-2010-4830 | 1 T-dreams | 1 Job Career Package | 2011-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter. | |||||
| CVE-2010-4770 | 1 Commodityrentals | 1 Dvd Rentals Script | 2011-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. | |||||
| CVE-2010-4736 | 1 Gatesoft | 1 Docusafe | 2011-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4738 | 1 Raemedia | 1 Real Estate Single And Multi Agent System | 2011-09-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System. | |||||
| CVE-2010-4839 | 2 Edgetechweb, Wordpress | 2 Event Registration, Wordpress | 2011-09-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action. | |||||
| CVE-2006-1049 | 1 Joomla | 1 Joomla | 2011-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-0115 | 1 Oneplug Solutions | 1 Oneplug Cms | 2011-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp. | |||||
| CVE-2005-4478 | 1 Papoo | 1 Papoo | 2011-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php. | |||||
| CVE-2011-1342 | 1 Aimluck | 2 Aipo, Aipo-asp | 2011-08-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4829 | 1 T-dreams | 1 Cars Ads Package | 2011-08-25 | 7.5 HIGH | N/A |
| SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2010-0329 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2011-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript." | |||||
| CVE-2010-0332 | 2 Stefan Tannhaeuser, Typo3 | 2 Tv21 Talkshow, Typo3 | 2011-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2005-4495 | 1 Spiremedia | 1 Mx7 | 2011-08-08 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax. | |||||
| CVE-2009-4613 | 1 Netartmedia | 1 Real Estate Portal | 2011-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-3960 | 1 X-scripts | 1 X-poll | 2011-08-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2005-3744 | 1 Phpcomasy | 1 Phpcomasy | 2011-08-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php. | |||||
| CVE-2005-3497 | 1 Phphandicapper | 1 Php Handicapper | 2011-08-05 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying "this is 100% false reporting, this is a slander campaign from a customer who had a vulnerability in his SERVER not the software." However, followup investigation strongly suggests that the original report is correct. | |||||
| CVE-2005-3881 | 1 Altantisfaq | 1 Altantis Knowledge Base Software | 2011-08-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | |||||
| CVE-2007-0789 | 1 Mambo | 1 Mambo | 2011-08-05 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter. | |||||
| CVE-2005-3748 | 1 Tru-zone | 1 Nukeet | 2011-08-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||