Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3948 | 1 Xrms | 1 Xrms Crm | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors. | |||||
| CVE-2008-3867 | 1 Cce-interact | 1 Interact | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter. | |||||
| CVE-2008-3845 | 1 Craftysyntax | 1 Crafty Syntax Live Help | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php. | |||||
| CVE-2008-3768 | 1 Turnkeywebtools | 1 Sunshop Shopping Cart | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors. | |||||
| CVE-2008-3762 | 1 Turnkeywebtools | 1 Php Live Helper | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. | |||||
| CVE-2008-3343 | 1 Myiosoft | 1 Easypublish | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action. | |||||
| CVE-2008-3563 | 1 Plogger | 1 Plogger | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings. | |||||
| CVE-2008-3556 | 1 Haudenschilt | 1 Battlenet Clan Script | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522. | |||||
| CVE-2008-3513 | 1 Php Nuke | 1 Basis Consultant Book Catalog | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php. | |||||
| CVE-2008-3512 | 1 Php Nuke | 1 Kleinanzeigen Module | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php. | |||||
| CVE-2008-3388 | 1 Easy-script | 1 Def Blog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php. | |||||
| CVE-2008-3374 | 1 Gregarius | 1 Gregarius | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action. | |||||
| CVE-2008-3369 | 1 Viart | 1 Viart Shop | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2008-3582 | 1 Keld | 1 Php-mysql News Script | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-3347 | 1 Myiosoft | 1 Easydynamicpages | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter. | |||||
| CVE-2008-3297 | 1 Social Engine | 1 Social Engine | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php. | |||||
| CVE-2008-3206 | 1 Iamilkay | 1 Yuhhu Pubs Black Cat | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black Cat allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2008-3185 | 1 Vclcomponents | 1 Relative Real Estate Systems | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action. | |||||
| CVE-2008-3151 | 2 Phpnuke, Warpspeed | 2 4ndvddb, 4ndvddb | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action. | |||||
| CVE-2008-3034 | 1 Rss Aggregator | 1 Rss Aggregator | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php. | |||||
| CVE-2008-2995 | 1 Phpeasydata | 1 Phpeasydata | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php. | |||||
| CVE-2008-2968 | 1 Yektaweb | 1 Academic Web Tools | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||||
| CVE-2008-2917 | 1 Preprojects | 1 E-smart Cart | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in productsofcat.asp in E-SMART CART allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2008-2916 | 1 Preprojects | 1 Pre Ads Portal | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to showcategory.php and the (2) id parameter to software-description.php. | |||||
| CVE-2008-2914 | 1 Preprojects | 1 Php Jobwebsite Pro | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2862 | 1 Elinestudio | 1 Site Composer | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp. | |||||
| CVE-2008-2670 | 1 Insanelysimple2 | 1 Isblog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889. | |||||
| CVE-2008-2642 | 1 Kmrg-itb | 1 Otomigenx | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2652 | 1 Smeweb | 1 Smeweb | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters. | |||||
| CVE-2008-2669 | 1 Y-blog | 1 Yblog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php. | |||||
| CVE-2008-2671 | 1 Dcfm Blog | 1 Dcfm Blog | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2701 | 1 Joomla | 1 Com Gameq | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php. | |||||
| CVE-2008-2781 | 1 Dzoic | 1 Handshakes | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action. | |||||
| CVE-2008-2411 | 1 Sazcart | 1 Sazcart | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action. | |||||
| CVE-2008-2510 | 1 Wordpress | 1 Upload File Plugin | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter. | |||||
| CVE-2008-2509 | 1 Excuse Online | 1 Excuse Online | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter. | |||||
| CVE-2008-2492 | 1 Badongo | 1 Campus Bulletin Board | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp. | |||||
| CVE-2008-2491 | 1 Hotscripts | 1 Ablespace | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-2554 | 1 Bp Blog | 1 Bp Blog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp. | |||||
| CVE-2008-2479 | 1 Badongo | 1 Phpfix | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php. | |||||
| CVE-2008-2460 | 1 Vbulletin | 1 Vbulletin | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action. | |||||
| CVE-2008-2428 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action. | |||||
| CVE-2008-2565 | 1 Php-address Book | 1 Php-address Book | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected. | |||||
| CVE-2008-2454 | 1 Joomla | 1 Com Xsstream-dm | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php. | |||||
| CVE-2008-2572 | 1 Theflashblog | 1 Flashblog | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter. | |||||
| CVE-2008-2633 | 1 Joomla | 2 Com Joomradio, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php. | |||||
| CVE-2008-2301 | 1 Phpway | 1 Kostenloses Linkmanagementscript | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php. | |||||
| CVE-2008-2339 | 1 Turnkeywebtools | 1 Sunshop Shopping Cart | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549. | |||||
| CVE-2008-2286 | 1 Symantec | 1 Altiris Deployment Solution | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet. | |||||
| CVE-2008-2208 | 1 Maianscriptworld | 1 Maian Greeting | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | |||||