Total
12391 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1501 | 1 Oneorzero | 1 Oneorzero | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action. | |||||
| CVE-2005-3952 | 1 Php Labs | 1 Top Auction | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0. | |||||
| CVE-2006-0413 | 1 Newsphp | 1 Newsphp | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. | |||||
| CVE-2005-4478 | 1 Papoo | 1 Papoo | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php. | |||||
| CVE-2005-0252 | 1 Guillaumegardey | 1 Biborb | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password. | |||||
| CVE-2004-2695 | 2 Jelsoft, Point-to-point Protocol Project | 2 Vbulletin, Point-to-point Protocol | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267. | |||||
| CVE-2006-2090 | 1 Mysmartbb | 1 Mysmartbb | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters. | |||||
| CVE-2006-4214 | 1 Zen Cart | 1 Zen Cart | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php). | |||||
| CVE-2006-0750 | 1 Supersmashbrothers | 1 Army System | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php. | |||||
| CVE-2004-2716 | 1 Php Heaven | 1 Phpmychat | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. | |||||
| CVE-2006-3960 | 1 X-scripts | 1 X-poll | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3048 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2005-4199 | 1 Mybb | 1 Mybb | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. | |||||
| CVE-2006-1330 | 1 Phpwebsite | 1 Phpwebsite | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. | |||||
| CVE-2006-0586 | 1 Oracle | 2 Application Server, Oracle10g | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues. | |||||
| CVE-2005-4040 | 1 Tawbaware | 1 Filelister | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp. | |||||
| CVE-2005-4617 | 1 Forperfect | 1 Csupport | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter. | |||||
| CVE-2006-3064 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. | |||||
| CVE-2005-3748 | 1 Tru-zone | 1 Nukeet | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2005-4071 | 1 Cfmagic | 1 Magic Forum Personal | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. | |||||