Total: 12394 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-7232 | 2 Canonical, Mysql | 2 Ubuntu Linux, Mysql | 2024-02-28 | 3.5 LOW | N/A |
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. | |||||
CVE-2007-4952 | 1 Omnistar Interactive | 1 Omnistar Article Manager | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917. | |||||
CVE-2008-0795 | 3 Joomla, Mambo, Mgfi | 3 Joomla, Mambo, Xfaq | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | |||||
CVE-2008-0916 | 1 Highwood Design | 1 Hwdvideoshare | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php. | |||||
CVE-2007-1573 | 1 Jelsoft | 1 Vbulletin | 2024-02-28 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. | |||||
CVE-2008-0429 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. | |||||
CVE-2007-3937 | 1 A-shop | 1 A-shop | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-0325 | 1 Fascript | 1 Fapersian Petition | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-0326 | 1 Fascript | 1 Fapersianhack | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php. | |||||
CVE-2007-6269 | 1 Xigla | 1 Absolute News Manager.net | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters. | |||||
CVE-2008-0746 | 2 Joomla, Mambo | 2 Com Gallery, Com Gallery | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||||
CVE-2007-6557 | 1 Megacheatz | 1 Megacheatz | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors. | |||||
CVE-2008-0546 | 1 Shoppingtree | 1 Candypress Store | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp. | |||||
CVE-2007-3933 | 1 Quickestore | 1 Quickestore | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053. | |||||
CVE-2007-5975 | 1 Torrentstrike | 1 Torrentstrike | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2113 | 1 Oracle | 1 Database Server | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually for multiple issues. | |||||
CVE-2008-0816 | 1 Com Sg | 1 Com Sg | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task. | |||||
CVE-2007-4173 | 1 Hunkaray Okul | 1 Portaly | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080. | |||||
CVE-2007-4920 | 1 Php Webquest | 1 Php Webquest | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter. | |||||
CVE-2007-5187 | 1 Php-fusion | 1 Expanded Calendar Module | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter. | |||||