Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5000 | 1 Joe Pieruccini | 1 Mclogin System | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4970 | 1 Wikiwebhelp | 1 Wiki Web Help | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0.28 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4968 | 2 Joomla, Webmaster-tips | 2 Joomla\!, Com Wmtpic | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2010-4936 | 2 Joomla, Webmaster-tips | 2 Joomla\!, Com Slideshow | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2010-4933 | 1 Geeklog | 1 Geeklog | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
| CVE-2010-4927 | 2 Joomla, Photoindochina | 2 Joomla\!, Com Restaurantguide | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php. | |||||
| CVE-2010-4923 | 1 Virtuenetz | 1 Virtue Book Store | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in book/detail.php in Virtue Netz Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the bid parameter. | |||||
| CVE-2010-4902 | 2 Joomla, Joomla-clantools | 2 Joomla\!, Clantools | 2012-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php. | |||||
| CVE-2010-4859 | 1 Webasyst | 1 Shop-script | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action. | |||||
| CVE-2010-4855 | 1 Aspindir | 1 Xweblog | 2012-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter. | |||||
| CVE-2010-4851 | 1 Eclime | 1 Eclime | 2012-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php. | |||||
| CVE-2010-4838 | 2 Extensiondepot, Joomla | 2 Com Jsupport, Joomla\! | 2012-02-14 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. | |||||
| CVE-2010-4834 | 1 Oneorzero | 1 Aims | 2012-02-14 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4808 | 2 Joomla, Joomlaextensions | 2 Joomla\!, Com Hmcommunity | 2012-02-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. | |||||
| CVE-2011-4811 | 1 Bst | 1 Bestshoppro | 2012-02-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter. | |||||
| CVE-2011-4823 | 2 Extensionsforjoomla, Joomla | 2 Com Vikrealestate, Joomla\! | 2012-02-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php. | |||||
| CVE-2011-4826 | 1 Autosectools | 1 V-cms | 2012-02-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5076 | 1 Hudong | 1 Hdwiki | 2012-02-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4986 | 1 Cafuego | 1 Simple Document Management System | 2012-02-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter. | |||||
| CVE-2005-3877 | 1 Cafuego | 1 Simple Document Management System | 2012-02-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | |||||
| CVE-2011-5071 | 1 Sitracker | 1 Support Incident Tracker | 2012-02-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5072 | 1 Sitracker | 1 Support Incident Tracker | 2012-02-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php. | |||||
| CVE-2011-4215 | 1 Oneorzero | 1 Aims | 2012-01-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable. | |||||
| CVE-2012-0912 | 1 Stone-ware | 1 Webnetwork | 2012-01-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-5059 | 1 Cmscout | 1 Cmscout | 2012-01-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action. | |||||
| CVE-2011-5022 | 1 Pligg | 1 Pligg Cms | 2011-12-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter. | |||||
| CVE-2011-4829 | 2 Barter-sites, Joomla | 2 Com Listing, Joomla\! | 2011-12-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. | |||||
| CVE-2009-3820 | 2 Flagbit, Typo3 | 2 Fb Filebase, Typo3 | 2011-12-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-4671 | 2 Adrotateplugin, Wordpress | 2 Adrotate, Wordpress | 2011-12-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL). | |||||
| CVE-2011-4349 | 1 Freedesktop | 1 Colord | 2011-12-12 | 4.6 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id. | |||||
| CVE-2011-2917 | 1 Mambo-foundation | 1 Mambo | 2011-12-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. | |||||
| CVE-2006-5242 | 1 Etomite | 1 Etomite | 2011-12-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-5053 | 2 Joomla, Php-shop-system | 2 Joomla\!, Com Xobbix | 2011-11-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php. | |||||
| CVE-2010-5022 | 2 Harmistechnology, Joomla | 2 Com Jesubmit, Joomla\! | 2011-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | |||||
| CVE-2010-5004 | 1 2daybiz | 1 Polls Script | 2011-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2010-4997 | 1 Olykit | 1 Swoopo Clone 2010 | 2011-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action. | |||||
| CVE-2010-5019 | 1 2daybiz | 1 Online Classified Script | 2011-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter. | |||||
| CVE-2009-3418 | 1 Plume-cms | 1 Plume Cms | 2011-11-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4780 | 1 Enanocms | 1 Enano Cms | 2011-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4830 | 1 T-dreams | 1 Job Career Package | 2011-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter. | |||||
| CVE-2010-4782 | 1 Softwebsnepal | 1 Ananda Real Estate | 2011-09-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807. | |||||
| CVE-2010-4770 | 1 Commodityrentals | 1 Dvd Rentals Script | 2011-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. | |||||
| CVE-2010-4738 | 1 Raemedia | 1 Real Estate Single And Multi Agent System | 2011-09-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System. | |||||
| CVE-2010-4737 | 1 Hotwebscripts | 1 Hotweb Rentals | 2011-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter. | |||||
| CVE-2010-4736 | 1 Gatesoft | 1 Docusafe | 2011-09-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4839 | 2 Edgetechweb, Wordpress | 2 Event Registration, Wordpress | 2011-09-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action. | |||||
| CVE-2006-0115 | 1 Oneplug Solutions | 1 Oneplug Cms | 2011-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp. | |||||
| CVE-2005-4478 | 1 Papoo | 1 Papoo | 2011-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php. | |||||
| CVE-2006-1049 | 1 Joomla | 1 Joomla | 2011-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2011-1342 | 1 Aimluck | 2 Aipo, Aipo-asp | 2011-08-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||