Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5096 | 2 Mybb, Mybboard | 2 Mybb, Mybb | 2012-08-14 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error." | |||||
| CVE-2012-2325 | 1 Mybb | 1 Mybb | 2012-08-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-4258 | 1 Myrephp | 1 Myre Real Estate Software | 2012-08-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php. | |||||
| CVE-2012-4279 | 1 Rwcinc | 1 Free Realty | 2012-08-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php. | |||||
| CVE-2012-2332 | 1 S9y | 1 Serendipity | 2012-08-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). | |||||
| CVE-2012-3471 | 1 Ushahidi | 1 Ushahidi Platform | 2012-08-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id. | |||||
| CVE-2012-3469 | 1 Ushahidi | 1 Ushahidi Platform | 2012-08-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php. | |||||
| CVE-2012-3470 | 1 Ushahidi | 1 Ushahidi Platform | 2012-08-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions. | |||||
| CVE-2012-3468 | 1 Ushahidi | 1 Ushahidi Platform | 2012-08-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php. | |||||
| CVE-2012-4070 | 1 Dir2web | 1 Dir2web | 2012-08-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php. | |||||
| CVE-2012-3554 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2012-08-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-3998 | 1 Sayakbanerjee | 1 Sticky Notes | 2012-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.php. | |||||
| CVE-2012-3881 | 1 Adrian Chadd | 2 Rtg, Rtg2 | 2012-07-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php. | |||||
| CVE-2009-4838 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2012-07-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2005-3325 | 2 Acid, Secureideas | 2 Analysis Console For Intrusion Databases, Basic Analysis And Security Engine | 2012-07-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters. | |||||
| CVE-2012-2338 | 1 Johan Cwiklinski | 1 Galette | 2012-05-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php. | |||||
| CVE-2010-4842 | 1 Mhproducts | 1 Download Center | 2012-05-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4935 | 1 Khader Abbeb | 1 Entrans | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2010-4856 | 1 Aspindir | 1 Xweblog | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter. | |||||
| CVE-2010-4887 | 2 Raphael Zschorsch, Typo3 | 2 Commentsbe, Typo3 | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4888 | 2 Marco Hezel, Typo3 | 2 Hm Tinymarket, Typo3 | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4891 | 2 Andreas Kiefer, Typo3 | 2 Ke Yac, Typo3 | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4898 | 2 Gantry-framework, Joomla | 2 Com Gantry, Joomla\! | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php. | |||||
| CVE-2010-4904 | 2 Joomla, Simon Philips | 2 Joomla\!, Com Aardvertiser | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4905 | 1 Softbizscripts | 1 Article Directory Script | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter. | |||||
| CVE-2010-4929 | 2 Joomla, Joostina-cms | 2 Joomla\!, Com Ezautos | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. | |||||
| CVE-2010-4934 | 1 Svcreation | 1 Get Tube | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4938 | 1 Joomla | 2 Com Weblinks, Joomla\! | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4946 | 1 Allpcscript | 1 Allpc | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
| CVE-2010-4950 | 2 Joachim Ruhs, Typo3 | 2 Event, Typo3 | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-5102 | 1 Atcom | 1 Netvolution | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter. | |||||
| CVE-2008-7302 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2012-05-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file." | |||||
| CVE-2012-0337 | 1 Cisco | 1 Unified Meetingplace | 2012-05-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. | |||||
| CVE-2012-2236 | 1 Ryan Walberg | 1 Php Gift Registry | 2012-04-20 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action. | |||||
| CVE-2010-4969 | 1 Brotherscripts | 1 Business Directory | 2012-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-4803 | 2 Bravenewcode, Wordpress | 2 Wptouch, Wordpress | 2012-03-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-4487 | 1 Cisco | 7 Business Edition 3000, Business Edition 3000 Software, Business Edition 5000 and 4 more | 2012-03-05 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. | |||||
| CVE-2011-1915 | 1 Infor | 2 Eclient, Enspire Distribution Management Solution | 2012-02-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-0999 | 1 Lepton-cms | 1 Lepton | 2012-02-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter. | |||||
| CVE-2012-1225 | 1 Dolibarr | 1 Dolibarr | 2012-02-24 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. | |||||
| CVE-2012-1234 | 1 Advantech | 1 Advantech Webaccess | 2012-02-23 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. | |||||
| CVE-2010-2092 | 1 Cacti | 1 Cacti | 2012-02-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query. | |||||
| CVE-2010-1431 | 1 Cacti | 1 Cacti | 2012-02-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. | |||||
| CVE-2012-1077 | 2 Manfred Egger, Typo3 | 2 Bc Post2facebook, Typo3 | 2012-02-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-3688 | 1 Sonexis | 1 Conferencemanager | 2012-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp. | |||||
| CVE-2011-3394 | 1 Myrephp | 1 Myre Real Estate Software | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2010-4864 | 2 Danieljamesscott, Joomla | 2 Com Clubmanager, Joomla\! | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php. | |||||
| CVE-2010-5037 | 1 Michau Enterprises | 1 Sensesites Commonsense Cms | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
| CVE-2010-5008 | 1 Denaliintranet | 1 Brightsuite Groupware | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter. | |||||
| CVE-2010-5006 | 1 Emophp | 1 Emo Realty Manager | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in googlemap/index.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the cat1 parameter. | |||||