Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2128 | 1 Elvinbts | 1 Elvinbts | 2009-06-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field. | |||||
| CVE-2009-2082 | 1 Creative Web Solutions | 1 Multi-level Cms | 2009-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0543 | 1 Proftpd | 1 Proftpd | 2009-06-08 | 6.8 MEDIUM | N/A |
| ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. | |||||
| CVE-2009-1909 | 1 Openskip | 1 Skip | 2009-06-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-1851 | 1 Benjamin Curtis | 1 Phpbugtracker | 2009-06-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1585 | 1 R020 | 1 Tematres | 2009-05-12 | 4.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6802 | 1 Phpexplorer | 1 Phphotogallery | 2009-05-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1433 | 1 Silverstripe | 1 Silverstripe | 2009-04-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. | |||||
| CVE-2008-6596 | 1 Phpcredo | 1 Phcdownload | 2009-04-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0829 | 1 Andrew Freed | 1 Quotebook | 2009-03-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6338 | 2 Typo3, Weber-ebusiness | 2 Typo3, Wes Facilities | 2009-03-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6344 | 1 Typo3 | 2 Tu-clausthal Staff, Typo3 | 2009-03-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6104 | 1 A4desk | 1 A4desk Flash Event Calendar | 2009-02-25 | 7.5 HIGH | N/A |
| SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php. | |||||
| CVE-2009-0479 | 1 Onlinegrades | 1 Online Grades | 2009-02-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5924 | 1 Asp-dev | 1 Xm Events Diary | 2009-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0287 | 1 Keep Toolkit | 1 Keep Toolkit | 2009-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password. | |||||
| CVE-2009-0431 | 1 Codefixer | 1 Linkspro | 2009-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter. | |||||
| CVE-2008-5923 | 1 Asp-dev | 1 Xm Events Diary | 2009-01-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter. | |||||
| CVE-2009-0121 | 1 Goople Cms | 1 Goople Cms | 2009-01-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6719 | 1 Inspector It | 1 Wiz-ad | 2008-12-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||