Total: 12391 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0115 | 1 Oneplug Solutions | 1 Oneplug Cms | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp. | |||||
CVE-2006-0510 | 1 Daffodil Software | 1 Daffodil Crm | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action. | |||||
CVE-2006-0192 | 1 Philip Loftin | 1 Aspsurvey | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. | |||||
CVE-2005-3845 | 1 Ezinvoiceinc | 1 Ez Invoice Inc | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patch available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue." | |||||
CVE-2005-3686 | 1 Newsboard | 1 Unclassified Newsboard | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php. | |||||
CVE-2006-3430 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. | |||||
CVE-2005-3996 | 1 Zen-cart | 1 Zen Cart | 2024-02-28 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. | |||||
CVE-2006-2103 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 2.1 LOW | N/A |
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. | |||||
CVE-2005-3553 | 1 Phpkit | 1 Phpkit | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). | |||||
CVE-2006-0961 | 1 Cilem | 1 Cilem Haber | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name. | |||||
CVE-2006-0199 | 1 Mini-nuke | 1 Cms System | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | |||||
CVE-2006-2760 | 1 Warpspeed | 1 4nforum | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
CVE-2005-1017 | 1 Maxwebportal | 1 Maxwebportal | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp. | |||||
CVE-2006-1049 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | |||||
CVE-2006-3688 | 1 Francisco Charrua | 1 Photo-gallery | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2005-2035 | 1 Cool Cafe Chat | 1 Cool Cafe Chat | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password. | |||||
CVE-2005-4380 | 1 Bitweaver | 1 Bitweaver | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php. | |||||
CVE-2005-3744 | 1 Phpcomasy | 1 Phpcomasy | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php. | |||||
CVE-2005-1500 | 1 Mywebland | 1 Mybloggie | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well. | |||||
CVE-2006-4756 | 1 Accomplishtechnology | 1 Phpmydirectory | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |