Total
12380 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3840 | 1 Omnistar Interactive | 1 Omnistar Live | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. NOTE: due to a typo, an Internet Explorer issue was incorrectly assigned this identifier, but the correct identifier is CVE-2005-3240. | |||||
| CVE-2006-2977 | 1 Mafia Moblog | 1 Mafia Moblog | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter. | |||||
| CVE-2006-2157 | 1 Plogger | 1 Plogger | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246. | |||||
| CVE-2006-4039 | 1 Chaossoft | 1 Gaestechaos | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters. | |||||
| CVE-2006-0269 | 1 Oracle | 1 Oracle10g | 2024-02-28 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the SET_DIRECTORY_ROOT function in the DBMS_CDC_PUBLISH package. | |||||
| CVE-2005-4244 | 1 Snipegallery | 1 Snipe Gallery | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | |||||
| CVE-2005-4228 | 1 Phpwebgallery | 1 Phpwebgallery | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier. | |||||
| CVE-2005-4632 | 1 Vote Pro | 1 Vote Pro | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | |||||
| CVE-2006-0123 | 1 Adn Forum | 1 Adn Forum | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors. | |||||
| CVE-2006-3318 | 1 Spiffyjr | 1 Phpraid | 2024-02-28 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters. | |||||
| CVE-2006-0249 | 1 Bitdamaged | 1 Geoblog | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable). | |||||
| CVE-2005-3325 | 2 Acid, Secureideas | 2 Analysis Console For Intrusion Databases, Basic Analysis And Security Engine | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters. | |||||
| CVE-2006-0318 | 1 Insane Visions | 1 Blogphp | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | |||||
| CVE-2006-3904 | 1 Etomite | 1 Etomite | 2024-02-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-1500 | 1 Tilde | 1 Tilde Cms | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-4736 | 1 Cms.r. | 1 Cms.r. | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-0205 | 1 Wordcircle | 1 Wordcircle | 2024-02-28 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts. | |||||
| CVE-2006-4010 | 1 Vwar | 1 Virtual War | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139. | |||||
| CVE-2006-0240 | 1 8pixel.net | 1 Simple Blog | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts. | |||||
| CVE-2006-1018 | 1 Dci-designs | 1 Dawaween | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. | |||||