Total
12885 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2090 | 1 Mysmartbb | 1 Mysmartbb | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters. | |||||
| CVE-2006-4214 | 1 Zen Cart | 1 Zen Cart | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php). | |||||
| CVE-2006-0750 | 1 Supersmashbrothers | 1 Army System | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php. | |||||
| CVE-2004-2716 | 1 Php Heaven | 1 Phpmychat | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. | |||||
| CVE-2006-3960 | 1 X-scripts | 1 X-poll | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3048 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2005-4199 | 1 Mybb | 1 Mybb | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. | |||||
| CVE-2006-1330 | 1 Phpwebsite | 1 Phpwebsite | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. | |||||
| CVE-2006-0586 | 1 Oracle | 2 Application Server, Oracle10g | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues. | |||||
| CVE-2005-4040 | 1 Tawbaware | 1 Filelister | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp. | |||||
| CVE-2005-4617 | 1 Forperfect | 1 Csupport | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter. | |||||
| CVE-2006-3064 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. | |||||
| CVE-2005-3748 | 1 Tru-zone | 1 Nukeet | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2005-4071 | 1 Cfmagic | 1 Magic Forum Personal | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. | |||||
| CVE-2006-2259 | 1 Maxxcode | 1 Maxxschedule | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | |||||
| CVE-2005-2983 | 1 Oracle | 1 Reports | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | |||||
| CVE-2006-2973 | 1 Php Lite | 1 Calendar Express | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c. | |||||
| CVE-2005-3817 | 1 Softbiz | 1 Web Hosting Directory Script | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module. | |||||
| CVE-2005-4073 | 1 Cfmagic | 1 Magic List Pro | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter. | |||||
| CVE-2006-2239 | 1 Tuomas Airaksinen | 1 Newsadmin | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows remote attackers to execute arbitrary SQL commands via the nid parameter. | |||||