Total: 9311 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2103 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 2.1 LOW | N/A |
| SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. | |||||
| CVE-2006-2090 | 1 Mysmartbb | 1 Mysmartbb | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters. | |||||
| CVE-2006-2128 | 1 Deltascripts | 1 Pro Publish | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php. | |||||
| CVE-2006-2268 | 1 Flexcustomer | 1 Flexcustomer | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected. | |||||
| CVE-2006-1962 | 1 Pcpin | 1 Pcpin Chat | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php. | |||||
| CVE-2006-1871 | 1 Oracle | 1 Database Server | 2018-10-18 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06. | |||||
| CVE-2006-1978 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter. | |||||
| CVE-2006-1676 | 1 Maxdev | 1 Md-pro | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP. | |||||
| CVE-2006-1330 | 1 Phpwebsite | 1 Phpwebsite | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. | |||||
| CVE-2006-1360 | 1 Musicbox | 1 Musicbox | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php. | |||||
| CVE-2006-1423 | 1 Ubbcentral | 1 Ubb.threads | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter. | |||||
| CVE-2006-1278 | 1 Upoint | 1 @1 File Store | 2018-10-18 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2. | |||||
| CVE-2006-1018 | 1 Dci-designs | 1 Dawaween | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. | |||||
| CVE-2006-0959 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. | |||||
| CVE-2006-6747 | 1 Dreaxteam | 1 Xt-news | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. | |||||
| CVE-2006-6349 | 1 Pwp Technologies | 1 The Classified Ad System | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | |||||
| CVE-2006-6337 | 1 Aspindir | 1 Aspee Ziyaretci Defteri | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | |||||
| CVE-2006-5957 | 1 Infinicart | 1 Infinicart | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed." | |||||
| CVE-2006-6048 | 1 Etomite | 1 Etomite | 2018-10-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6094 | 1 Dotnetindex | 1 Active News Manager | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp. | |||||
