Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4368 | 1 Ibm | 1 Rational Clearquest | 2018-10-15 | 7.5 HIGH | N/A |
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command. |
CVE-2007-4095 | 1 Bsm Store | 1 Dependent Forums | 2018-10-15 | 7.5 HIGH | N/A |
SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp. |
CVE-2007-4173 | 1 Hunkaray Okul | 1 Portaly | 2018-10-15 | 7.5 HIGH | N/A |
SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080. |
CVE-2007-4207 | 1 Kerberosdev | 1 Gallery In A Box | 2018-10-15 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: these fields might be associated with the txtUsername and txtPassword parameters. |
CVE-2007-3884 | 1 Aspindir | 1 Husrevforum | 2018-10-15 | 7.5 HIGH | N/A |
SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected. |
CVE-2007-3563 | 1 Avscripts | 1 Av Arcade | 2018-10-15 | 7.5 HIGH | N/A |
SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php. |
CVE-2007-3705 | 1 Fusetalk | 1 Fusetalk | 2018-10-15 | 7.5 HIGH | N/A |
SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm. |
CVE-2018-14058 | 1 Pimcore | 1 Pimcore | 2018-10-12 | 4.0 MEDIUM | 6.5 MEDIUM |
Pimcore before 5.3.0 allows SQL Injection via the REST web service API. |
CVE-2018-1000653 | 1 Zzcms | 1 Zzcms | 2018-10-12 | 7.5 HIGH | 9.8 CRITICAL |
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in SQL injection in zzcms in nginx. This attack appears to be exploitable via running zzcms in nginx. |
CVE-2018-15151 | 1 Open-emr | 1 Openemr | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. |
CVE-2018-15149 | 1 Open-emr | 1 Openemr | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter. |
CVE-2018-15150 | 1 Open-emr | 1 Openemr | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php. |
CVE-2018-15148 | 1 Open-emr | 1 Openemr | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter. |
CVE-2018-15147 | 1 Open-emr | 1 Openemr | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter. |
CVE-2009-0302 | 1 Php-nuke | 1 Downloads Module | 2018-10-11 | 4.6 MEDIUM | N/A |
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php. |
CVE-2009-0339 | 1 Dmxready | 1 Blog Manager | 2018-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action. |
CVE-2009-0377 | 1 Joomla | 2 Com Beamospetition, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132. |
CVE-2009-0409 | 1 Mzbservices | 1 Max.blog | 2018-10-11 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. |
CVE-2009-0429 | 1 Activewebsoftwares | 1 Active Bids | 2018-10-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php. |
CVE-2009-0516 | 1 Businessspace | 1 Businessspace | 2018-10-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |