Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7038 | 2 Maxdev, Phpnuke | 2 My Egallery, Php-nuke | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. | |||||
| CVE-2008-6509 | 1 Igniterealtime | 1 Openfire | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp. | |||||
| CVE-2008-6180 | 1 Newlife Blogger | 1 Newlife Blogger | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie. | |||||
| CVE-2008-6234 | 2 Joomla, Mambo-foundation | 4 Com Musica, Joomla, Com Musica and 1 more | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2008-6250 | 1 Comdev | 1 Comdev Web Blogger | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page. | |||||
| CVE-2008-6255 | 1 Vbulletin | 1 Vbulletin | 2018-10-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php. | |||||
| CVE-2008-6256 | 1 Vbulletin | 1 Vbulletin | 2018-10-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022. | |||||
| CVE-2008-6866 | 1 Php-nuke | 1 Current Issue Module | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action. | |||||
| CVE-2008-6880 | 1 Easysitenetwork | 1 Jokes Complete Website | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6980 | 1 Phpadultsite | 1 Phpadultsite Cms | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to execute arbitrary SQL commands via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6985 | 1 Zen-cart | 1 Zen Cart | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart. | |||||
| CVE-2008-6986 | 1 Zen-cart | 1 Zen Cart | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985. | |||||
| CVE-2008-6989 | 1 Ezphotogallery | 1 Ezphotogallery | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-6593 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. | |||||
| CVE-2008-6394 | 1 Cs-cart | 1 Cs-cart | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter. | |||||
| CVE-2008-6572 | 1 Abledating | 1 Abledating | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | |||||
| CVE-2008-6418 | 1 Torrenttrader | 1 Torrenttrader | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. | |||||
| CVE-2008-6266 | 1 Appstate | 1 Phpwebsite | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action. | |||||
| CVE-2008-6618 | 1 Netlab | 1 Classsystem | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php. | |||||
| CVE-2008-6438 | 2 E107, E107coders | 2 E107, Macguru Blog Engine Plugin | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected. | |||||
| CVE-2008-6517 | 1 Nick Jenkin | 1 Newshowler | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote attackers to execute arbitrary SQL commands via the news_user cookie parameter. | |||||
| CVE-2008-6427 | 1 Hivemaker | 1 Hivemaker | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-6728 | 1 Phpnuke | 1 Php-nuke | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php. | |||||
| CVE-2008-5957 | 2 Joomla, Mydyngallery | 2 Joomla, Mydyngallery | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php. | |||||
| CVE-2008-5707 | 1 Aspindir | 1 Iltaweb Alisveris Sistemi | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter. | |||||
| CVE-2008-6043 | 1 Phpprobid | 1 Php Pro Bid | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6149 | 2 Joomla, Joomlaapps | 2 Joomla, Com Mdigg | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php. | |||||
| CVE-2008-6069 | 2 123flashchat, E107 | 2 Echat Plugin, E107 | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. | |||||
| CVE-2008-6038 | 1 Mapcal | 1 Mapcal | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MapCal 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an editevent action, possibly related to dsp_editevent.php. | |||||
| CVE-2008-5998 | 1 Drupal | 2 Ajax Checklist, Drupal | 2018-10-11 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters. | |||||
| CVE-2008-5097 | 1 Myfwb | 1 Myfwb | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-5163 | 1 Theratstudios | 1 The Rat Cms | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php. | |||||
| CVE-2008-5222 | 1 Dvbbs | 1 Dvbbs | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-5268 | 1 Aspportal | 1 Aspportal | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter. | |||||
| CVE-2008-5336 | 1 Bdigital Web Solutions | 1 Webstudio Cms | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | |||||
| CVE-2008-5051 | 2 Jooblog, Joomla | 2 Jooblog, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php. | |||||
| CVE-2008-4777 | 2 Joomla, Mambo | 3 Com Lms, Joomla, Mambo | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task. | |||||
| CVE-2008-4732 | 2 Pressography, Wordpress | 2 Wp Comment Remix Plugin, Wordpress | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2008-4611 | 1 Php Arsivimiz | 1 Php Ziyaretci Defteri | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. | |||||
| CVE-2008-4778 | 1 Dream4 | 1 Koobi Cms | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action. | |||||
| CVE-2008-4205 | 1 Attachmax | 1 Dolphin | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4328 | 1 Easyrealtorpro | 1 Easyrealtorpro | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters. | |||||
| CVE-2008-4364 | 1 Parsagostar | 1 Parsaweb Cms | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page. | |||||
| CVE-2008-4423 | 1 Ovidentia | 1 Ovidentia | 2018-10-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action. | |||||
| CVE-2008-4458 | 1 E-php Scripts | 1 B2b Trading Marketplace Script | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action. | |||||
| CVE-2008-4338 | 1 Vacilanda | 1 Brilliant Gallery | 2018-10-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters. | |||||
| CVE-2008-3888 | 1 Aspindir | 1 Mini Nuke Freehost | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action. | |||||
| CVE-2008-3880 | 1 Zoneminder | 1 Zoneminder | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. | |||||
| CVE-2008-4072 | 1 Phsdev | 1 Phsblog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588. | |||||
| CVE-2008-4078 | 3 Dws Systems Inc., Ledgersmb, Sql-ledger | 3 Sql-ledger, Ledgersmb, Sql-ledger | 2018-10-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||