Total
12380 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6140 | 1 Dora Emlak | 1 Dora Emlak | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp. | |||||
CVE-2007-4634 | 1 Cisco | 2 Call Manager, Unified Communications Manager | 2024-02-28 | 9.3 HIGH | N/A |
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265. | |||||
CVE-2007-4716 | 1 Phd | 1 Help Desk | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-0187 | 1 Spacial Audio Solutions | 1 Samphpweb | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter. | |||||
CVE-2007-4881 | 1 Psi-labs | 1 Social Networking Script Psisns | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter. | |||||
CVE-2007-6484 | 1 Phprpg | 1 Phprpg | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-3677 | 1 Maxsi | 1 Evisit Analyst | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages. | |||||
CVE-2008-0799 | 2 Joomla, Mambo | 2 Com Quiz, Com Quiz | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action. | |||||
CVE-2007-2000 | 1 Raphael Limbach | 1 Crea-book | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter. | |||||
CVE-2008-0721 | 1 Mambo | 1 Com Sermon | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter. | |||||
CVE-2006-6048 | 1 Etomite | 1 Etomite | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-5992 | 1 Datecomm | 1 Social Networking Script | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page. | |||||
CVE-2008-0937 | 2 Tinyevent, Xoops | 2 Tinyevent, Tiny Event Module | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | |||||
CVE-2007-3273 | 1 Fusetalk | 1 Fusetalk | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0510 | 2 Joomla, Mambo | 3 Com Newsletter, Com Newsletter, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | |||||
CVE-2007-6551 | 1 Mailmachinepro | 1 Mailmachine Pro | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-0144 | 1 Phprisk | 1 Netrisk | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences. | |||||
CVE-2007-4837 | 1 Proxy Anket | 1 Proxy Anket | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-5508 | 1 Oracle | 1 Database Server | 2024-02-28 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server. | |||||
CVE-2008-0157 | 1 Flexbb | 1 Flexbb | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie. |