Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4437 | 1 Activewebsoftwares | 1 Active Auction House | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1. | |||||
| CVE-2009-1034 | 1 Drupal | 1 Tasklist | 2017-08-16 | 10.0 HIGH | N/A |
| SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI. | |||||
| CVE-2009-1065 | 1 Getpixie | 1 Pixie Cms | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1208 | 2 Auth2db, Auth2dbauth2db | 2 Auth2db, 0.1.1 | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings. | |||||
| CVE-2009-1245 | 1 Cccp-common-clan-portal-pasterbin | 1 Cccp Pastebin | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1258 | 2 Joomla, Rd-media | 2 Joomla, Com Rdautos | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1362 | 1 Chcounter | 1 Chcounter | 2017-08-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1481 | 1 Pjhome | 1 Puterjams Blog | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1505 | 1 Drupal | 2 Drupal, News Page | 2017-08-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field. | |||||
| CVE-2009-1657 | 1 B2evolution | 2 B2evolution, Starrating Plugin | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-1731 | 1 Mlffat | 1 Mlffat | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie. | |||||
| CVE-2009-1842 | 1 Phpnuke | 1 Php-nuke | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. | |||||
| CVE-2009-2004 | 1 Dokeos | 1 Dokeos | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902. | |||||
| CVE-2009-2008 | 1 Dokeos | 1 Dokeos | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2. | |||||
| CVE-2009-2093 | 1 Ibm | 1 Websphere Partner Gateway | 2017-08-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-2232 | 1 Softbizscripts | 1 Banner Ad Management Script | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2243 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2365 | 1 Datachecknh | 1 Gallerypal Fe | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2545 | 1 Anelectron | 1 Advanced Electron Forum | 2017-08-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2590 | 1 Resalecode | 1 Hutscripts Php Website Script | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||