Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4598 | 2 Corephp, Joomla | 2 Com Jphoto, Joomla | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php. | |||||
| CVE-2009-4597 | 1 Phpwares | 1 Php Inventory | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4591 | 1 Secureideas | 1 Base | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4583 | 1 Joomla | 2 Com Dhforum, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php. | |||||
| CVE-2009-4582 | 1 Xoops | 1 Xoops Dictionary | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-4577 | 1 Maxdev | 2 Mdforum, Mdpro | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | |||||
| CVE-2009-4576 | 2 Cmstactics, Joomla | 2 Com Beeheard, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php. | |||||
| CVE-2009-4574 | 1 I-escorts | 1 I-escorts Directory Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | |||||
| CVE-2009-4569 | 1 Elkagroup | 1 Image Gallery | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/. | |||||
| CVE-2009-4566 | 1 Zenphoto | 1 Zenphoto | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3788 | 1 Opendocman | 1 Opendocman | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter. | |||||
| CVE-2009-3778 | 2 Adam Gerson, Drupal | 2 Moodle Courselist, Drupal | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4436 | 1 Activewebsoftwares | 1 Ewebquiz | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706. | |||||
| CVE-2009-4437 | 1 Activewebsoftwares | 1 Active Auction House | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1. | |||||
| CVE-2009-3259 | 1 Thomas Cuchta | 1 Rash | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RASH Quote Management System (RQMS) 1.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the search parameter in a search action, (2) the quote parameter in a quote addition, or (3) a User_Name cookie in unspecified administrative actions. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3255 | 1 Thomas Cuchta | 1 Rash | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI. | |||||
| CVE-2009-3205 | 1 Cbauthority | 1 Cbauthority | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action. | |||||
| CVE-2009-3203 | 1 Ajsquare | 1 Aj Auction Pro-oopd | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-4751 | 1 Phppower | 1 Swinger Club Portal | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action. | |||||
| CVE-2009-3208 | 1 Prakashatma Mishra | 1 Phpfreebb | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php. | |||||
| CVE-2009-2545 | 1 Anelectron | 1 Advanced Electron Forum | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2093 | 1 Ibm | 1 Websphere Partner Gateway | 2017-08-17 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-2004 | 1 Dokeos | 1 Dokeos | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902. | |||||
| CVE-2009-2008 | 1 Dokeos | 1 Dokeos | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2. | |||||
| CVE-2009-0808 | 1 Simple Cmms | 1 Simplecmms | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-1034 | 1 Drupal | 1 Tasklist | 2017-08-17 | 10.0 HIGH | N/A |
| SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI. | |||||
| CVE-2009-1065 | 1 Getpixie | 1 Pixie Cms | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1208 | 2 Auth2db, Auth2dbauth2db | 2 Auth2db, 0.1.1 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings. | |||||
| CVE-2009-1245 | 1 Cccp-common-clan-portal-pasterbin | 1 Cccp Pastebin | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1258 | 2 Joomla, Rd-media | 2 Joomla, Com Rdautos | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1362 | 1 Chcounter | 1 Chcounter | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2978 | 1 Sugarcrm | 1 Sugarcrm | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-2894 | 1 Clone2009 | 1 Ebay Clone | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php. | |||||
| CVE-2009-2891 | 1 Phpscriptsnow | 1 Riddles | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2009-2888 | 1 Phpscriptsnow | 1 Hangman | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter. | |||||
| CVE-2009-2886 | 1 Phpscriptsnow | 1 President Bios | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter. | |||||
| CVE-2009-2885 | 1 Phpscriptsnow | 1 World\'s Tallest Buildings | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter. | |||||
| CVE-2009-2790 | 1 Softbiz | 1 Dating Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4. | |||||
| CVE-2009-2789 | 2 Joomla, Permis | 2 Joomla, Com Groups | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1481 | 1 Pjhome | 1 Puterjams Blog | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1505 | 1 Drupal | 2 Drupal, News Page | 2017-08-17 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field. | |||||
| CVE-2009-1657 | 1 B2evolution | 2 B2evolution, Starrating Plugin | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-1731 | 1 Mlffat | 1 Mlffat | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie. | |||||
| CVE-2009-2590 | 1 Resalecode | 1 Hutscripts Php Website Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2009-2232 | 1 Softbizscripts | 1 Banner Ad Management Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2365 | 1 Datachecknh | 1 Gallerypal Fe | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2243 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1842 | 1 Phpnuke | 1 Php-nuke | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. | |||||
| CVE-2008-6368 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2008-6693 | 2 Sebastian Baumann, Typo3 | 2 Sb Downloader, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||