Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1658 | 1 Realtywebware | 1 Realty Web-base | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0810 | 1 Xatrix | 1 Xguestbook | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2009-1655 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password. | |||||
| CVE-2009-1651 | 1 2daybiz | 1 Business Community Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2009-1747 | 1 26thavenue | 1 Bspeak | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action. | |||||
| CVE-2009-1746 | 1 Diangemilang | 1 Dgnews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||||
| CVE-2009-1742 | 1 Pc4arb | 1 Pc4 Uploader | 2017-09-29 | 7.5 HIGH | N/A |
| code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function. | |||||
| CVE-2009-1650 | 1 Tenfourzero | 1 Shutter | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html. | |||||
| CVE-2009-1741 | 1 Dutchmonkey | 1 Dm Filemanager | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | |||||
| CVE-2009-0324 | 1 Bibciter | 1 Bibciter | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php. | |||||
| CVE-2008-6328 | 1 Butterflymedia | 1 Butterfly Organizer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6329 | 1 Preproject | 1 Pre Asp Job Board | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6330 | 1 Jaia Interactive | 1 Mytopix | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action. | |||||
| CVE-2008-6332 | 1 Simplecustomer | 1 Simple Customer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2008-6333 | 1 Matthew General | 1 Rss Simple News | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2008-6337 | 2 Joomla, Joomlaapps | 2 Joomla, Com Volunteer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php. | |||||
| CVE-2008-6647 | 1 Ktools | 1 Photostore | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter. | |||||
| CVE-2008-6642 | 1 Dotcontent | 1 Fluentcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in DotContent FluentCMS 4.x allows remote attackers to execute arbitrary SQL commands via the sid parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6641 | 1 Aspindir | 1 Shader Tv | 2017-09-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp. | |||||
| CVE-2008-6345 | 1 Cms.maury91 | 1 Solarcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to indes.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6348 | 1 Developiteasy | 1 Photo Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6349 | 1 Turnkeyforms | 1 Business Survey Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6350 | 1 Turnkeyforms | 1 Local Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
| CVE-2008-6352 | 1 Xpoze | 1 Xpoze Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter. | |||||
| CVE-2008-6353 | 1 Asp-cms | 1 Asp-cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter. | |||||
| CVE-2008-6358 | 1 Socialgroupie | 1 Social Groupie | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6362 | 1 Ezonelink | 1 Multiple Membership Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6634 | 1 Beaussier | 1 Roomphplanning | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idroom parameter to weekview.php. | |||||
| CVE-2008-6369 | 1 Ocean12tech | 1 Contact Manager Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter. | |||||
| CVE-2008-6371 | 1 Ocean12tech | 1 Membership Manager Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter). | |||||
| CVE-2008-6372 | 1 Ocean12tech | 1 Faq Manager Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6633 | 1 Beaussier | 1 Roomphplanning | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idresa parameter to resaopen.php. | |||||
| CVE-2008-6378 | 1 Mxmania | 1 Calendar Mx Professional | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-6379 | 1 Mxmania | 1 Gallery Mx | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-6380 | 1 Activewebsoftwares | 1 Active Web Helpdesk | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | |||||
| CVE-2008-6381 | 1 Bcoos | 1 Bcoos | 2017-09-29 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-6389 | 1 Aliensoftcorp | 1 Rae Media Contact Management | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6390 | 1 Ocean12tech | 1 Membership Manager Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6632 | 1 Mercuryboard | 1 Mercuryboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']). | |||||
| CVE-2008-6627 | 1 Webbdomain | 1 Webshop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-6401 | 1 Jetik | 1 Jetik-web | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter. | |||||
| CVE-2008-6405 | 1 Greatclone | 1 Hotscripts Clone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-6409 | 1 Brian Wilson | 1 Ol\'bookmarks | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action. | |||||
| CVE-2008-6414 | 1 Aj Square | 1 Aj Auction | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||||
| CVE-2008-6419 | 1 Socialsitegenerator | 1 Social Site Generator | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php. | |||||
| CVE-2008-6422 | 1 Psychostats | 1 Psychostats | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php. | |||||
| CVE-2008-6425 | 1 Comicshout | 1 Comicshout | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456. | |||||
| CVE-2008-6429 | 2 Joomla, Mike Leeper | 2 Joomla, Com Prayercenter | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php. | |||||
| CVE-2008-6430 | 1 Joomla | 2 Com Mycontent, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||||
| CVE-2008-6626 | 1 Webbdomain | 1 Quiz | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||