Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6286 | 1 Activewebsoftwares | 1 Active Newsletter | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6289 | 1 Toursmanager | 1 Tours Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter. | |||||
| CVE-2008-6301 | 2 Phpbb, Prezmo | 2 Phpbb, Small Shoutbox | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | |||||
| CVE-2008-6303 | 1 Toursmanager | 1 Tours Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tourview.php in ToursManager allows remote attackers to execute arbitrary SQL commands via the tourid parameter. | |||||
| CVE-2008-6652 | 1 Insanevisions | 1 Onecms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter. | |||||
| CVE-2008-6649 | 1 Ktools | 1 Photostore | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6309 | 1 W3matter | 1 Askpert | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6322 | 1 Cfmsource | 1 Cfmblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||||
| CVE-2008-6310 | 1 W3matter | 1 Revsense | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6311 | 1 Butterflymedia | 1 Butterfly Organizer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name. | |||||
| CVE-2008-6312 | 1 Manzovi | 1 Proquiz | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-6364 | 1 Adserversolutions | 1 Banner Exchange Software | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6314 | 1 Phpbb | 2 Phpbb, Tag Board | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | |||||
| CVE-2008-6365 | 1 Adserversolutions | 1 Ad Management Software | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6366 | 1 Adserversolutions | 1 Affiliate Software Java | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6323 | 1 Cfmsource | 1 Cf Auction | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||||
| CVE-2008-6324 | 1 Cfmsource | 1 Cf Forum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||||
| CVE-2008-6648 | 1 Ktools | 1 Photostore | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647. | |||||
| CVE-2008-5726 | 1 Stormboards Aaronnemisis | 1 Stormboards | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5928 | 1 Flds-script | 1 Flds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6165 | 1 Easy-script | 1 Cspartner | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters. | |||||
| CVE-2008-5930 | 1 The Net Guys | 1 Aspired2blog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter. | |||||
| CVE-2008-6014 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5952 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI. | |||||
| CVE-2008-6028 | 1 University Of Queensland | 1 Fez | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action. | |||||
| CVE-2008-6029 | 1 Buzzywall | 1 Buzzywall | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2008-6030 | 1 Netartmedia | 1 Jobs Portal | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 allow remote attackers to execute arbitrary SQL commands via (1) the job parameter to index.php in the search module or (2) the news_id parameter to index.php. | |||||
| CVE-2008-6031 | 1 Wsn Links | 1 Wsn Links | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable. | |||||
| CVE-2008-6032 | 1 Wsn | 1 Links | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4142 | 1 Ephpscripts | 1 E-php Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter. | |||||
| CVE-2008-6033 | 1 Wsn Links | 1 Wsn Links | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4144 | 1 Discountedscripts | 1 E-gold Script Shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action. | |||||
| CVE-2008-4145 | 1 Addalink | 1 Addalink | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2008-6151 | 1 Sepcity | 1 Shopping Mall | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-4150 | 1 Dieselscripts | 1 Diesel Joke Site | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763. | |||||
| CVE-2008-4154 | 1 Living-e | 1 Webedition Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter. | |||||
| CVE-2008-4156 | 1 Customcms | 1 Gaming Portal | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4157 | 1 Vastal | 1 Phpvid | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected. | |||||
| CVE-2008-4159 | 1 Zanfi Solutions | 2 Jaw Portal, Zanfi Cms Lite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter. | |||||
| CVE-2008-4161 | 1 Assetman | 1 Assetman | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action. | |||||
| CVE-2008-4169 | 1 Iscripts | 1 Easyindex | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter. | |||||
| CVE-2008-6037 | 1 Availscript | 1 Availscript Article Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the v parameter. | |||||
| CVE-2008-4173 | 1 Proarcadescript | 1 Proarcadescript | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI. | |||||
| CVE-2008-4175 | 1 Linkbidscript | 1 Linkbidscript | 2017-09-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php. | |||||
| CVE-2008-4176 | 1 Asp Indir | 1 Fot Video Scripti | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter. | |||||
| CVE-2008-4177 | 1 Preprojects | 1 Pre Real Estate Listings | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2008-4178 | 1 Downline Goldmine | 2 Builder, New Addon | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4185 | 1 Webcms | 1 Webcms Portal Edition | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213. | |||||
| CVE-2008-4202 | 1 Gonafish | 1 Linkscaffepro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 allows remote attackers to execute arbitrary SQL commands via the idd parameter in a deadlink action. | |||||
| CVE-2008-4203 | 1 Czaries | 1 Czarnews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie. | |||||