Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0831 | 1 Php-fusion | 2 Members Cv Module, Php-fusion | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. | |||||
| CVE-2009-1506 | 1 Intelliants | 1 Elitius | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php. | |||||
| CVE-2009-1403 | 1 Creloaded | 1 Cre Loaded | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
| CVE-2009-1503 | 1 Tigerdms | 1 Tigerdms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-1411 | 1 Neocrome | 1 Seditio | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php. | |||||
| CVE-2009-0881 | 1 Josema Enzo | 1 Isiajax | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1787 | 1 Phpdirsubmit | 1 Php Dir Submit | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters. | |||||
| CVE-2009-1799 | 1 Sebastian-thiele | 1 St-gallery | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php. | |||||
| CVE-2009-1804 | 1 Videoscript | 1 Youtube Video Script | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-1032 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter. | |||||
| CVE-2009-1810 | 1 Collector | 1 Mycolex | 2017-09-29 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php. | |||||
| CVE-2009-1812 | 1 Collector | 1 Mygesuad | 2017-09-29 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php. | |||||
| CVE-2009-2179 | 1 W2b | 1 Phpdatingclub | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter. | |||||
| CVE-2009-0768 | 1 Yapbb | 1 Yapbb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action. | |||||
| CVE-2009-1813 | 1 Submitterscript | 1 Submitterscript | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field). | |||||
| CVE-2009-1814 | 1 Jevontech | 1 Phpenpals | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074. | |||||
| CVE-2009-1816 | 1 Mygamescript | 1 My Game Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1818 | 1 Maxcms | 1 Maxcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action. | |||||
| CVE-2009-2014 | 1 Joomla | 2 Com School, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php. | |||||
| CVE-2009-1848 | 2 Joomla, Joomlame | 2 Joomla, Com Agoragroup | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php. | |||||
| CVE-2009-1850 | 1 Benjamin Curtis | 1 Phpbugtracker | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2009-1852 | 1 Graphiks | 1 Myforum | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | |||||
| CVE-2009-1853 | 1 Kenseiboard | 1 Kensei Board | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Kensei Board 2.0 BETA (aka 2.0.0b) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) f and (2) t parameters in a showforum action. | |||||
| CVE-2009-1913 | 1 Luxbum | 1 Luxbum | 2017-09-29 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic_quotes_gpc is disabled and dotclear authentication is used, allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||||
| CVE-2009-1024 | 1 Beerwin | 1 Phplinkadmin | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors. | |||||
| CVE-2009-1945 | 1 Tzo | 1 Webcal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | |||||
| CVE-2009-1947 | 1 Newsboard | 1 Unclassified Newsboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686. | |||||
| CVE-2009-1950 | 1 Ahmet Donmez | 1 Webeyes Guest Book | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter. | |||||
| CVE-2009-1952 | 1 Propertymaxpro | 1 Propertymax Pro Free | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-1026 | 1 Kimwebsites | 1 Kim Websites | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-2013 | 1 Frontisgroup | 1 Frontis | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action. | |||||
| CVE-2009-1819 | 1 2daybiz | 1 Custom T-shirt Design Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1023 | 1 Phpcomasy | 1 Phpcomasy | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter. | |||||
| CVE-2009-2016 | 1 Virtuenetz | 1 Virtue Shopping Mall | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2009-2017 | 1 Virtuenetz | 1 Virtue Book Store | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2009-2018 | 1 Jaredeckersley | 1 Mycars | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter. | |||||
| CVE-2009-2019 | 1 Virtuenetz | 1 Virtue News Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter. | |||||
| CVE-2009-2021 | 1 Virtuenetz | 1 Virtue Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2009-2023 | 1 Shop-script | 1 Shop-script | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter. | |||||
| CVE-2009-2034 | 1 Ricardo Alexandre De Oliveira Staudt | 1 Yogurt | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter. | |||||
| CVE-2009-1764 | 1 Bokecc | 1 Maxcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action. | |||||
| CVE-2009-3342 | 2 Alphaplug, Joomla | 2 Com Alphauserpoints, Joomla\! | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter. | |||||
| CVE-2009-2096 | 1 David Degner | 1 Phpcollegeexchange | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter. | |||||
| CVE-2009-2098 | 1 Micheal Glazer | 1 Phportal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0863 | 1 Matteoiammarrone | 1 S-cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2209 | 1 Rs-cms | 1 Rs-cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2009-1224 | 1 Scivox | 1 Vsp Stats Processor | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter. | |||||
| CVE-2009-1751 | 1 Realtywebware | 1 Realty Web-base | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1499 | 1 Joomla | 2 Com Mailto, Joomla\! | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor. | |||||
| CVE-2009-1404 | 1 Pastel | 1 Pastelcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter. | |||||