Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0253 | 1 Binn | 1 Sbuilder | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter. | |||||
| CVE-2008-0185 | 1 Netrisk | 1 Netrisk | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php). | |||||
| CVE-2007-6671 | 1 Instantsoftwares | 1 Dating Site | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6658 | 1 Customcms | 1 Ccms | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page. | |||||
| CVE-2007-6634 | 1 Netbizcity | 1 Faqmasterflexplus | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php, and unspecified other vectors involving additional scripts. | |||||
| CVE-2007-6566 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php. | |||||
| CVE-2007-6565 | 1 Blakord | 1 Blakord Portal | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component. | |||||
| CVE-2007-6559 | 1 Logaholic | 1 Logaholic | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php. | |||||
| CVE-2007-6544 | 1 Runcms | 1 Runcms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/. | |||||
| CVE-2007-6540 | 1 Neuron | 1 News | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/. | |||||
| CVE-2007-6538 | 2 Moodle, Mrbs | 2 Moodle, Mrbs | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6518 | 1 Woltlab | 1 Burning Board Lite | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters. | |||||
| CVE-2007-6517 | 1 Aeries | 1 Aeries Browser Interface | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6498 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp. | |||||
| CVE-2007-6491 | 1 Kvaliitti | 1 Webdoc Cms | 2018-10-15 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp. | |||||
| CVE-2007-6467 | 1 Mkportal | 1 Mkportal | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action. | |||||
| CVE-2007-6375 | 1 Bitweaver | 1 Bitweaver | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue. | |||||
| CVE-2007-6366 | 1 Sinecms | 1 Sinecms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators. | |||||
| CVE-2007-6362 | 1 Joomla | 1 Rs Gallery2 | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action. | |||||
| CVE-2007-6342 | 1 David Castro | 1 Apache Authcas | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie. | |||||