Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6625 | 1 Webbdomain | 1 Polls | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-6469 | 1 Plaincart | 1 Plaincart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2008-6451 | 1 Jportal | 1 Jportal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509. | |||||
| CVE-2008-6452 | 1 Oceandir | 1 Oceandir | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6454 | 1 6rbscript | 1 6rbscript | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action. | |||||
| CVE-2008-6624 | 1 Webbdomain | 1 Petition | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-6623 | 1 Webbdomain | 1 Post Card | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-6622 | 1 Webbdomian | 1 Post Card | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02, 1.01, and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-6614 | 1 Impliedbydesign | 1 Ibd Micro Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field). | |||||
| CVE-2008-6611 | 1 Abweb | 1 Minimal Ablog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6608 | 1 Developiteasy | 1 Events Calendar | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to calendar_details.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6606 | 1 Matpo | 1 Matpo Link | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6464 | 1 Mevin | 1 Basic-php-events-lister | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6466 | 2 Akirapowered, E107 | 2 Image Gallery, E107 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action. | |||||
| CVE-2008-6467 | 1 Dieselscripts | 1 Diesel Job Site | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job_id parameter. | |||||
| CVE-2008-6468 | 1 Dieselscripts | 1 Diesel Pay | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action. | |||||
| CVE-2008-6471 | 1 Mountaingrafix | 1 Easylink | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action. | |||||
| CVE-2008-7097 | 1 Qsoft-inc | 1 K-rate | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to index.php; (e) PATH_INFO to the blog/ handler; and (f) id parameter in a blog_edit action to index.php. | |||||
| CVE-2008-6475 | 1 Drake Team | 1 Drake Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php. | |||||
| CVE-2008-6477 | 1 Mumbojumbo | 1 Op4 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2008-6481 | 3 Joomla, Joomprod, Mambo-foundation | 3 Joomla, Com Versioning, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | |||||
| CVE-2008-6484 | 1 Mole-group | 1 Taxi Calc Dist Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field. | |||||
| CVE-2008-6485 | 1 Softcomplex | 1 Php Image Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter. | |||||
| CVE-2008-6487 | 1 Digiappz | 1 Digiaffiliate | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields. | |||||
| CVE-2008-6488 | 1 Softcomplex | 1 Php Image Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action. | |||||
| CVE-2008-6489 | 2 Huseyin Bora Abaci, Joomla | 2 Com Myalbum, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php. | |||||
| CVE-2008-6525 | 1 Nicephpscripts | 1 Nice Php Faq Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field). | |||||
| CVE-2008-6526 | 1 Bosdev | 1 Bos Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BosDev BosClassifieds allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2008-1838. | |||||
| CVE-2008-6527 | 1 Go4i | 1 Go41.net Asp Forum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter. | |||||
| CVE-2008-6582 | 1 Miniweb2 | 1 Miniweb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||||
| CVE-2009-0750 | 2 Tombstone, Txtsql | 2 Smnews, Txtsql | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in the smNews example script for txtSQL 2.2 Final allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-0740 | 1 Frankmancuso | 1 Bluebird | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | |||||
| CVE-2009-0739 | 1 Frankmancuso | 1 Mynews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | |||||
| CVE-2009-0738 | 1 Frankmancuso | 1 Auth Php | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | |||||
| CVE-2009-0728 | 2 Maxdev, Postnuke | 3 Md-pro, My Egallery, Postnuke | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php. | |||||
| CVE-2009-0726 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. | |||||
| CVE-2009-0707 | 1 Powerscripts | 1 Powerclan | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0705 | 1 Powerscripts | 1 Powernews | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2009-0704 | 1 Webmastersite | 1 Wsn Guest | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action. | |||||
| CVE-2009-0703 | 1 Aspthai.net | 1 Aspthai.net Webboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0702 | 2 Joomla, Phoca | 2 Joomla, Com Phocadocumentation | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php. | |||||
| CVE-2009-0604 | 1 Php Director | 1 Php Director | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter. | |||||
| CVE-2009-0598 | 1 Phpmesfilms | 1 Phpmesfilms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0597 | 1 W3b Cms | 1 Aka W3blabor Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action. | |||||
| CVE-2009-0593 | 1 Plxwebdev | 1 Plx Auto Reminder | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action. | |||||
| CVE-2009-0574 | 1 Cafeengine | 1 Easycafeengine | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604. | |||||
| CVE-2009-0534 | 1 Flexcms | 1 Flexcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter. | |||||
| CVE-2009-0531 | 1 Ontarioabandonedplaces | 1 A Better Member-based Asp Photo Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter. | |||||
| CVE-2009-0528 | 1 Rhadrix | 1 If-cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0494 | 2 Joomla, Mivaco | 2 Joomla, Com Portfol | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php. | |||||