Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1867 | 1 Pixel Motion | 1 Pixel Motion Blog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php. | |||||
| CVE-2008-1869 | 1 Site Sift Media | 1 Site Sift Listings | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific. | |||||
| CVE-2008-1870 | 1 Geek247 | 1 Pigmy-sql | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1871 | 1 Scriptsagent | 1 Links Directory | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-1872 | 1 Comdev | 1 Comdev News Publisher | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1874 | 1 Xpoze | 1 Xpoze Pro | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter. | |||||
| CVE-2008-1875 | 1 Terong | 1 Advanced Web Photo Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter. | |||||
| CVE-2008-1889 | 1 Xplodphp | 1 Autotutorials | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1732 | 1 Predictionfootball | 1 Predictionfootball | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action. | |||||
| CVE-2008-1726 | 1 Myknowledgequest | 1 Knowledgequest | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php. | |||||
| CVE-2008-1909 | 1 Chadha Software Technologies | 1 Phpkb Knowledge Base | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-1911 | 1 1024 Cms | 1 1024 Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie. | |||||
| CVE-2008-1913 | 1 Lasernet Cms | 1 Lasernet Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action. | |||||
| CVE-2008-1915 | 1 Devworx | 1 Blogworx | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1918 | 1 Php-fusion | 1 Php-fusion | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected. | |||||
| CVE-2008-1919 | 1 Yourfreeworld | 1 Apartment Search Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
| CVE-2008-1715 | 1 Auracms | 1 Auracms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. | |||||
| CVE-2008-1934 | 1 Crazy Goomba | 1 Crazy Goomba | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1935 | 1 Joomla | 1 Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter. | |||||
| CVE-2008-1714 | 1 Fascript | 1 Faphoto | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1939 | 1 Aspindir | 1 Philboard | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920. | |||||
| CVE-2008-1954 | 1 Webcalendar | 1 Web Calendar Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2008-1957 | 1 Easyscripts | 1 Tr Script News | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode. | |||||
| CVE-2008-1961 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action. | |||||
| CVE-2008-1646 | 2 Arnos Toolbox, Wordpress | 2 Wp-download, Wp Download | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. | |||||
| CVE-2008-1975 | 1 Cogites | 1 E Reserve | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter. | |||||
| CVE-2008-1982 | 1 Wordpress | 2 Wordpress, Wpss | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |||||
| CVE-2008-1640 | 1 Jgs-xa | 1 Jgs Treffen | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action. | |||||
| CVE-2008-2012 | 1 Postnuke Software Foundation | 1 Postschedule | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action. | |||||
| CVE-2008-2013 | 1 Pnflashgames | 1 Pnflashgames | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action. | |||||
| CVE-2008-2023 | 1 Pd9 Software | 1 Megabbs | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp. | |||||
| CVE-2008-2029 | 1 Minibb | 1 Minibb | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php. | |||||
| CVE-2008-1639 | 1 Neat Web | 1 Neat-web | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php. | |||||
| CVE-2008-1623 | 1 Lotus Web Studios Inc | 1 Smoothflash | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-0138 | 1 Xoops | 1 Xoopsgallery Module | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | |||||
| CVE-2008-2047 | 1 Aspindir | 1 Angelo-emlak | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp. | |||||
| CVE-2008-2063 | 1 Joovili | 1 Joovili | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2008-2065 | 1 Yourfreeworld | 1 Jokes Site Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter. | |||||
| CVE-2008-1608 | 1 Clever Copy | 1 Clever Copy | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583. | |||||
| CVE-2008-1591 | 1 Postnuke | 1 Postnuke | 2017-09-29 | 7.5 HIGH | N/A |
| The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable). | |||||
| CVE-2008-1559 | 2 Bernard Gilly, Joomla | 2 Com Alphacontent, Joomla\! | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||||
| CVE-2008-1539 | 1 Futurenuke | 1 Php Nuke Platinum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module. | |||||
| CVE-2008-1535 | 1 Matti Kiviharju | 1 Rekry Component | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php. | |||||
| CVE-2008-1513 | 1 Danneo | 1 Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. | |||||
| CVE-2008-1509 | 1 Xlportal | 1 Xlportal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2008-1496 | 1 Peel | 1 Peel | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php. | |||||
| CVE-2008-1465 | 3 Detodas, Joomla, Mambo-foundation | 3 Com Restaurante, Joomla\!, Mambo | 2017-09-29 | 9.3 HIGH | N/A |
| SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562. | |||||
| CVE-2008-1462 | 1 Runcms | 1 Runcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action. | |||||
| CVE-2008-1460 | 3 Joomla, Joomlapixel, Mambo | 3 Joomla, Com Joovideo, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2008-1459 | 4 Joomla, Joomlaitalia, Mambo and 1 more | 4 Joomla, Com Alberghi, Mambo and 1 more | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||