Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6692 | 2 Fr.simon Rundell, Typo3 | 2 Pd Trainingcourses, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2008-6391 | 1 Nexusjnr | 1 Jbook | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter). | |||||
| CVE-2009-0709 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6459 | 1 Typo3 | 2 Autobeuser, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6458 | 2 Dieter Mayer, Typo3 | 2 Fe Address Edit, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-0706 | 3 Joomla, Mambo, Simple-review | 3 Joomla, Mambo, Com Simple Review | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. | |||||
| CVE-2008-6457 | 2 Typo3, Walnutstreet | 2 Typo3, Cgswigmore | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6753 | 1 Silverstripe | 1 Silverstripe | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField. | |||||
| CVE-2008-6573 | 1 Avaya | 1 Communication Manager | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server. | |||||
| CVE-2008-6134 | 1 Drupal | 2 Drupal, Everyblog | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6456 | 2 Martin Helmich, Typo3 | 2 Hbook, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6326 | 1 Simplecustomer | 1 Simple Customer | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6155 | 1 Hispah | 1 Text Links Ads | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6189 | 1 Gforge | 1 Gforge | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php. | |||||
| CVE-2008-6968 | 1 Pligg | 1 Pligg Cms | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | |||||
| CVE-2008-6383 | 1 Drupal | 2 Drupal, Storm | 2017-08-17 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6691 | 2 Diocese Of Portsmouth, Typo3 | 2 Pd Calendar Today, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2008-6970 | 1 Ubbcentral | 1 Ubb.threads | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter. | |||||
| CVE-2008-6203 | 1 Jakob-persson | 1 Cobalt | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in adminler.asp in CoBaLT 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6640 | 1 Aspindir | 1 Batmanportal | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6462 | 2 Kurt Gusbeth, Typo3 | 2 Myquizpoll, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6461 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer2, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6460 | 2 Mirko Werner, Typo3 | 2 Mw Random Objects, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6443 | 1 Phpkf | 1 Phpkf | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter. | |||||
| CVE-2008-6392 | 1 1scripts | 1 Z1exchange | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6615 | 1 Zen-cart | 1 Zen Cart | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6697 | 2 Michael Fritz, Typo3 | 2 Worldcup, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2008-6434 | 1 Blueriver | 1 Sava Cms | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter. | |||||
| CVE-2008-6803 | 1 Yigit Aybuga | 1 Dizi Portali | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6376 | 1 Nexusjnr | 1 Jbook | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter). | |||||
| CVE-2008-6686 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2008-6695 | 2 Frank Naegler, Typo3 | 2 Timtab Sociable, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2008-7033 | 2 Galore, Joomla | 2 Com Simpleshop, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. | |||||
| CVE-2008-6236 | 1 Cafuego | 1 Simple Document Management System | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6595 | 1 Typo3 | 1 Pmk Rssnewsexport Extension | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-7040 | 2 Wordpress, Yellowswordfish | 2 Wordpress, Simple Forum | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. | |||||
| CVE-2008-6837 | 1 Zoph | 1 Zoph | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6689 | 2 Kevin Renskers, Typo3 | 2 Dmmjobcontrol, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2008-6678 | 1 Quickersite | 1 Quickersite | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp. | |||||
| CVE-2008-6262 | 1 Infireal | 1 Saturncms | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the URL to the translate function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6276 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2017-08-17 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. | |||||
| CVE-2008-6875 | 1 Humayun Shabbir Bhutta | 1 Asp Product Catalog | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220. | |||||
| CVE-2008-6304 | 1 Xt-commerce | 1 Xt\ | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when magic_quotes_gpc is enabled and the SEO URLs are activated, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2003-1573 | 1 Sun | 1 J2ee | 2017-08-17 | 10.0 HIGH | N/A |
| The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages." | |||||
| CVE-2008-6696 | 2 Manu Oehler, Typo3 | 2 Toto, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2008-6779 | 1 Phpnuke | 2 Php-nuke, Sarkilar Module | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php. | |||||
| CVE-2008-6887 | 1 Preprojects | 1 Pre Classified Listings | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter. | |||||
| CVE-2008-6890 | 1 Codetoad | 1 Asp Forum Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter. | |||||
| CVE-2008-6694 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer, Typo3 | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2017-2641 | 1 Moodle | 1 Moodle | 2017-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | |||||