Total
11310 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1330 | 1 Phpwebsite | 1 Phpwebsite | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. | |||||
CVE-2006-2760 | 1 Warpspeed | 1 4nforum | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
CVE-2006-3904 | 1 Etomite | 1 Etomite | 2023-12-10 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2005-3553 | 1 Phpkit | 1 Phpkit | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). | |||||
CVE-2006-3775 | 1 Mybulletinboard | 1 Mybulletinboard | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php. | |||||
CVE-2006-0586 | 1 Oracle | 2 Application Server, Oracle10g | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues. | |||||
CVE-2006-0692 | 1 Carey Briggs | 1 Php Mysql Timesheet | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php. | |||||
CVE-2004-2716 | 1 Php Heaven | 1 Phpmychat | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. | |||||
CVE-2006-0318 | 1 Insane Visions | 1 Blogphp | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | |||||
CVE-2004-1553 | 1 Fullrevolution | 1 Aspwebalbum | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action. | |||||
CVE-2003-1458 | 1 Ttcms | 2 Ttcms, Ttforum | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name. | |||||
CVE-2004-1925 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php. | |||||
CVE-2002-2252 | 1 Atthat.com | 1 Thatware | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter. | |||||
CVE-2002-2304 | 1 Myphpsoft | 1 Myphplinks | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/auth/checksession.php in MyPHPLinks 2.1.9 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the idsession parameter. | |||||
CVE-2003-1533 | 1 Phppass | 1 Phppass | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. | |||||
CVE-2002-2305 | 1 Phpsecure.org | 1 Immobilier | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter. | |||||
CVE-2002-2277 | 1 Portail Web Php | 1 Portail Web Php | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to execute arbitrary SQL commands via the (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin variables. | |||||
CVE-2002-2383 | 1 F2html.pl | 1 F2html.pl | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote attackers to execute arbitrary SQL commands via file names. | |||||
CVE-2003-1523 | 1 Dbmail | 1 Dbmail | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors. | |||||
CVE-2002-2391 | 2 Webchat.org, Xoops | 2 Webchat, Xoops | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. |