Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6166 | 2 Jmds, Joomla | 2 Com Kbase, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php. | |||||
| CVE-2008-6179 | 1 Indexscript | 1 Indexscript | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069. | |||||
| CVE-2008-6181 | 2 Joomla, Mad4media | 2 Joomla, Com Mad4joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php. | |||||
| CVE-2008-6182 | 1 Joomla | 2 Ignitegallery, Joomla\! | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php. | |||||
| CVE-2008-6184 | 2 Joomla, Medialab-karlsruhe | 2 Joomla, Ownbiblio | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php. | |||||
| CVE-2008-6721 | 1 Ajsquare | 1 Aj Article | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field). | |||||
| CVE-2008-6197 | 1 Kwsphp | 2 Galerie Module, Kwsphp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the galerie module for KwsPHP 1.3.456 allows remote attackers to execute arbitrary SQL commands via the id_gal parameter in a gal action. | |||||
| CVE-2008-6198 | 1 Mybboard | 2 Custom Pages Plugin, Mybb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-6202 | 1 Jakob-persson | 1 Cobalt | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) urun.asp, (2) admin/bayi_listele.asp, (3) admin/urun_grup_listele.asp, and (4) admin/urun_listele.asp. | |||||
| CVE-2008-6720 | 1 Deltascripts | 1 Php Links | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field). | |||||
| CVE-2008-6204 | 1 Supernet | 1 Supernet Shop | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp. | |||||
| CVE-2008-6209 | 1 Vastal | 1 Software Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-6210 | 1 Dream4 | 1 Koobi | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 allows remote attackers to execute arbitrary SQL commands via the img_id parameter in the gallerypic page. | |||||
| CVE-2008-6213 | 1 Harlandscripts | 1 Pro Traffic One | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter. | |||||
| CVE-2008-6214 | 1 Harlandscripts | 1 Pro Traffic One | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6216 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter. | |||||
| CVE-2008-6220 | 1 Cafuego | 1 Simple Document Management System | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter. | |||||
| CVE-2008-6230 | 1 Preprojects | 1 Pre Podcast Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6225 | 1 Mole-group | 1 Airline Ticket Sale Script | 2017-09-29 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist." | |||||
| CVE-2008-6226 | 1 Preproject | 1 Php Auto Listings Script | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter. | |||||
| CVE-2008-6227 | 1 Preproject | 1 Pre Multi-vendor Shopping Malls | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters. | |||||
| CVE-2008-6233 | 1 Fivedollarscripts | 1 Drinks | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter. | |||||
| CVE-2008-6237 | 1 Scripts-for-sites | 1 Hotscripts-like Site | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6241 | 1 China-on-site | 1 Flexphpsite | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. | |||||
| CVE-2008-6242 | 1 Scripts-for-sites | 1 Ez E-store | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter. | |||||
| CVE-2008-6243 | 1 Scripts For Sites | 1 Ez Hotscripts-likesite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-6244 | 1 Scripts-for-sites | 1 Ez Gaming Cheats | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_reviews.php in Scripts for Sites (SFS) EZ Gaming Cheats allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6245 | 1 Scripts-for-sites | 1 Ez Biz Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6249 | 1 Gwm | 1 Galatolo Webmanager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6254 | 1 Jadu | 1 Jadu Galaxies | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter. | |||||
| CVE-2008-6257 | 1 Openasp | 1 Openasp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Openasp 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idpage parameter in the pages module. | |||||
| CVE-2008-6258 | 1 Quadcomm | 1 Q-shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108. | |||||
| CVE-2008-6260 | 1 Ultrastats | 1 Ultrastats | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3.11 allows remote attackers to execute arbitrary SQL commands via the serverid parameter. | |||||
| CVE-2008-6653 | 3 Joomla, Mambo, Wh-com | 3 Joomla, Mambo, Com Webhosting | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2008-6261 | 1 E-topbiz | 1 Admanager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows remote attackers to execute arbitrary SQL commands via the group parameter. | |||||
| CVE-2008-6663 | 1 Phpauctions | 1 Phpauctions | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106. | |||||
| CVE-2008-6263 | 1 Infireal | 1 Saturncms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the username parameter to the _userLoggedIn function. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6264 | 1 E-topbiz | 1 Slide Popups | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2008-6268 | 1 Sadi Samami | 1 Multi Languages Webshop Online | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6270 | 1 Miticdjd | 1 Apoll | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the user parameter. | |||||
| CVE-2008-6319 | 1 Cfmsource | 1 Cf Calendar | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter. | |||||
| CVE-2008-6272 | 1 Miticdjd | 1 Apoll | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter. | |||||
| CVE-2008-6274 | 1 Mjcreation | 1 Familyproject | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6656 | 1 Openautoclassifieds | 1 Open Auto Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php. | |||||
| CVE-2008-6277 | 1 Rakhisoftware | 1 Rakhisoftware Shopping Cart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter. | |||||
| CVE-2008-6281 | 1 Bluocms | 1 Bluo Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6282 | 1 Ortus.nirn | 1 Cms Ortus | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php. | |||||
| CVE-2008-6320 | 1 Cfshopkart | 1 Cf Shopkart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows remote attackers to execute arbitrary SQL commands via the Category parameter in a ViewCategory action. | |||||
| CVE-2008-6284 | 1 1scripts | 1 Z1exchange | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter. | |||||
| CVE-2008-6285 | 1 Businessvein | 1 Php Tv Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||