Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4163 | 2 Tw Productfinder, Typo3 | 2 Tw Productfinder, Typo3 | 2009-12-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4165 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2009-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4166 | 2 Michal Hadr, Typo3 | 2 Mchtrips, Typo3 | 2009-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4158 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2009-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4070 | 1 Gforge | 1 Gforge | 2009-11-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2009-3961 | 1 Jos De Ruijter | 1 Superseriousstats | 2009-11-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "incorrect regexp." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4037 | 1 Frontaccounting | 1 Frontaccounting | 2009-11-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/. | |||||
| CVE-2009-4045 | 1 Frontaccounting | 1 Frontaccounting | 2009-11-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/. | |||||
| CVE-2009-4046 | 1 Frontaccounting | 1 Frontaccounting | 2009-11-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/. | |||||
| CVE-2009-3813 | 1 Runcms | 1 Runcms | 2009-10-27 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php. | |||||
| CVE-2009-3801 | 1 Opendocman | 1 Opendocman | 2009-10-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3804 | 1 Runcms | 1 Runcms | 2009-10-27 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter. | |||||
| CVE-2009-3642 | 1 Frontrange | 1 Heat | 2009-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-3644 | 2 Joomla, Soundset | 2 Joomla\!, Com Soundset | 2009-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php. | |||||
| CVE-2009-3645 | 2 Joomla, Joomlacache | 2 Joomla\!, Com Cbresumebuilder | 2009-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php. | |||||
| CVE-2009-3491 | 2 Joomla, Kinfusion | 2 Joomla\!, Com Sportfusion | 2009-10-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. | |||||
| CVE-2009-3499 | 1 Bpowerhouse | 1 Bplawyercasedocuments | 2009-09-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2009-3495 | 1 Vastal | 1 Dvd Zone | 2009-09-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465. | |||||
| CVE-2009-3497 | 1 Vastal | 1 Agent Zone | 2009-09-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-3498 | 1 Hbcms | 1 Hbcms | 2009-09-30 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||