Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2618 | 1 Maxdev | 1 Mdpro | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php. | |||||
| CVE-2009-2638 | 2 Joomla, Konze | 2 Joomla, Com Akobook | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php. | |||||
| CVE-2009-2639 | 1 Mrcgiguy | 1 The Ticket System | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action. | |||||
| CVE-2009-3975 | 1 Moagallery | 1 Moa | 2017-09-18 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action. | |||||
| CVE-2009-2735 | 1 Sun-jester | 1 Opennews | 2017-09-18 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-2774 | 1 Php-paid4mail | 1 Php-paid4mail | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2009-2775 | 1 Phparcadescript | 1 Phparcadescript | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2777 | 1 Garagesalesjunkie | 1 Garagesales Script | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2009-2781 | 1 Arabportal | 1 Arab Portal | 2017-09-18 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666. | |||||
| CVE-2009-2782 | 2 Jfusion, Joomla | 2 Com Jfusion, Joomla | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2009-2786 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter. | |||||
| CVE-2009-2788 | 1 Mobilelib | 1 Mobilelib Gold | 2017-09-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php. | |||||
| CVE-2009-2881 | 1 Artis.imag | 1 Basilic | 2017-09-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/. | |||||
| CVE-2009-2883 | 1 Arabless | 1 Saphplesson | 2017-09-18 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php. | |||||
| CVE-2009-2892 | 1 Scripteen | 1 Free Image Hosting Script | 2017-09-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie. | |||||
| CVE-2009-2895 | 1 Phpsugar | 1 Ultimate Regnow Affiliate | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2009-2924 | 1 Videosbroadcastyourself | 1 Videos Broadcast Yourself | 2017-09-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php. | |||||
| CVE-2009-2921 | 1 Mocdesigns | 1 Php News | 2017-09-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field). | |||||
| CVE-2009-2926 | 1 Phpcompet.free | 1 Php Competition System | 2017-09-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php. | |||||
| CVE-2009-2929 | 1 Tgs-cms | 1 Tgs Content Management | 2017-09-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions. | |||||