Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3076 | 1 Blentz | 1 Smbind | 2011-01-19 | 7.5 HIGH | N/A |
| The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page. | |||||
| CVE-2010-3922 | 1 Sixapart | 1 Movabletype | 2011-01-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-0139 | 1 Cisco | 1 Unified Meetingplace | 2011-01-07 | 9.0 HIGH | N/A |
| Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691. | |||||
| CVE-2010-4609 | 1 Html-edit | 1 Html-edit Cms | 2011-01-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action. | |||||
| CVE-2010-4638 | 2 Iptechinside, Joomla | 2 Com Jquarks4s, Joomla\! | 2010-12-31 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. | |||||
| CVE-2010-4632 | 1 Pilotcart | 1 Pilot Cart | 2010-12-31 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688. | |||||
| CVE-2010-4614 | 1 Mhproducts | 1 Ero Auktion | 2010-12-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723. | |||||
| CVE-2010-4404 | 2 Anything-digital, Joomla | 2 Sh404sef, Joomla\! | 2010-12-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-1093 | 1 1024cms | 1 1024 Cms | 2010-12-14 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action. | |||||
| CVE-2010-4517 | 2 Harmistechnology, Joomla | 2 Com Jeauto, Joomla\! | 2010-12-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. | |||||
| CVE-2010-4505 | 1 Injader | 1 Injader | 2010-12-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters. | |||||
| CVE-2010-4500 | 1 Mrcgiguy | 1 Freeticket | 2010-12-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4503 | 1 Aigaion | 1 Aigaion | 2010-12-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action. | |||||
| CVE-2010-4359 | 1 Jurpo | 1 Jurpopage | 2010-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2010-4365 | 2 Harmistechnology, Joomla | 2 Com Jeajaxeventcalendar, Joomla\! | 2010-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. | |||||
| CVE-2010-4357 | 1 Boka | 1 Siteengine | 2010-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter. | |||||
| CVE-2010-4360 | 1 Jurpo | 1 Jurpopage | 2010-12-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4356 | 1 Site2nite | 1 Big Truck Broker | 2010-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter. | |||||
| CVE-2010-4271 | 1 Impresscms | 1 Impresscms | 2010-11-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-0609 | 1 Novaboard | 1 Novaboard | 2010-11-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the nova_name cookie parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4143 | 1 Phpcheckz | 1 Phpcheckz | 2010-11-03 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-3608 | 1 Wire Plastic Design | 1 Wpquiz | 2010-09-27 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php. | |||||
| CVE-2010-3604 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2010-09-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-3601 | 1 Invisionpower | 1 Ibphotohost | 2010-09-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter. | |||||
| CVE-2010-3484 | 1 Lightneasy | 1 Lightneasy | 2010-09-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. | |||||
| CVE-2010-3485 | 1 Lightneasy | 1 Lightneasy | 2010-09-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-3482 | 1 Bouzouste | 1 Primitive Cms | 2010-09-23 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication. | |||||
| CVE-2010-3422 | 2 Joomla, Solventus | 2 Joomla\!, Com Jgen | 2010-09-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||||
| CVE-2010-3428 | 1 Intermesh | 1 Group-office | 2010-09-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action. | |||||
| CVE-2010-0438 | 1 Otrs | 1 Otrs | 2010-09-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4979 | 1 Keil-software | 1 Photokorn Gallery | 2010-08-25 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[], (2) sort, (3) order, and (4) Match parameters. | |||||
| CVE-2010-3029 | 1 Phpkick | 1 Phpkick | 2010-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action. | |||||
| CVE-2010-3027 | 1 Tycoon | 1 Baseball Script | 2010-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action. | |||||
| CVE-2010-2577 | 1 Pligg | 1 Pligg Cms | 2010-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php. | |||||
| CVE-2010-3013 | 1 Pligg | 1 Pligg Cms | 2010-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577. | |||||
| CVE-2010-2855 | 1 Jared Meeker | 1 Event Horizon | 2010-07-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4968 | 2 Christian Ehmann, Typo3 | 2 Event Registr, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4970 | 2 Typo3, Typo3-macher | 2 Typo3, T3m Affiliate | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4959 | 2 Stefan Koch, Typo3 | 2 T3m, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4966 | 2 Elemente, Typo3 | 2 Ast Addresszipsearch, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4971 | 2 Typo3, Vincent Tietz | 2 Typo3, Vjchat | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4967 | 2 Jochen Rieger, Typo3 | 2 Car, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4969 | 1 Typo3 | 2 Sbanner, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4965 | 2 Thomas Waggershauser, Typo3 | 2 Air Lexicon, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4954 | 2 Typo3, Websedit | 2 Typo3, Sk Calendar | 2010-07-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4955 | 2 Thomas Hempel, Typo3 | 2 Th Ultracards, Typo3 | 2010-07-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4949 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2010-07-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4950 | 2 Tim Lochmueller \& Thomas Buss, Typo3 | 2 A21glossary Advanced Output, Typo3 | 2010-07-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-2699 | 1 Edgephp | 1 Clickbank Affiliate Marketplace Script | 2010-07-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2010-2694 | 2 Joomla, Redcomponent | 2 Joomla\!, Com Redshop | 2010-07-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php. | |||||