Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4338 | 1 Vacilanda | 1 Brilliant Gallery | 2018-10-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters. | |||||
| CVE-2008-4328 | 1 Easyrealtorpro | 1 Easyrealtorpro | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters. | |||||
| CVE-2008-4205 | 1 Attachmax | 1 Dolphin | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4072 | 1 Phsdev | 1 Phsblog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588. | |||||
| CVE-2008-3948 | 1 Xrms | 1 Xrms Crm | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors. | |||||
| CVE-2008-3888 | 1 Aspindir | 1 Mini Nuke Freehost | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action. | |||||
| CVE-2008-3880 | 1 Zoneminder | 1 Zoneminder | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. | |||||
| CVE-2008-3867 | 1 Cce-interact | 1 Interact | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter. | |||||
| CVE-2008-3845 | 1 Craftysyntax | 1 Crafty Syntax Live Help | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php. | |||||
| CVE-2008-3768 | 1 Turnkeywebtools | 1 Sunshop Shopping Cart | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors. | |||||
| CVE-2008-3762 | 1 Turnkeywebtools | 1 Php Live Helper | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. | |||||
| CVE-2008-3582 | 1 Keld | 1 Php-mysql News Script | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-3563 | 1 Plogger | 1 Plogger | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings. | |||||
| CVE-2008-3556 | 1 Haudenschilt | 1 Battlenet Clan Script | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522. | |||||
| CVE-2008-3513 | 1 Php Nuke | 1 Basis Consultant Book Catalog | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php. | |||||
| CVE-2008-3512 | 1 Php Nuke | 1 Kleinanzeigen Module | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php. | |||||
| CVE-2008-3388 | 1 Easy-script | 1 Def Blog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php. | |||||
| CVE-2008-3374 | 1 Gregarius | 1 Gregarius | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action. | |||||
| CVE-2008-3369 | 1 Viart | 1 Viart Shop | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2008-3347 | 1 Myiosoft | 1 Easydynamicpages | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter. | |||||