Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0916 | 1 Highwood Design | 1 Hwdvideoshare | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php. | |||||
| CVE-2008-0360 | 1 Blog Cms | 1 Blog Cms | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php. | |||||
| CVE-2008-0224 | 1 Runcms | 1 Runcms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. | |||||
| CVE-2008-0139 | 1 Loudblog | 1 Loudblog | 2017-10-19 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter. | |||||
| CVE-2007-6172 | 1 Wire Plastic Design | 1 Wpquiz | 2017-10-19 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php. | |||||
| CVE-2007-6137 | 1 P3mbo | 1 Content Injector | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6134 | 1 Phpkit | 1 Phpkit | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773. | |||||
| CVE-2007-4966 | 1 Gforge | 1 Gforge | 2017-10-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. | |||||
| CVE-2007-0582 | 1 Chernobile | 1 Chernobile | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field. | |||||
| CVE-2007-0196 | 1 Motionborg | 1 Motionborg Web Real Estate | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-6880 | 1 Php-update | 1 Php-update | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter. | |||||
| CVE-2006-6848 | 1 Aspticker | 1 Aspticker | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. | |||||
| CVE-2006-6038 | 1 Powie | 1 Pforum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3904 | 1 Etomite | 1 Etomite | 2017-10-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-0961 | 1 Cilem | 1 Cilem Haber | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name. | |||||
| CVE-2017-14758 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | |||||
| CVE-2017-14757 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | |||||
| CVE-2017-13068 | 1 Qnap | 1 Qts Helpdesk | 2017-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. | |||||
| CVE-2017-1000120 | 1 Frappe | 1 Frappe | 2017-10-13 | 6.5 MEDIUM | 8.8 HIGH |
| [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | |||||
| CVE-2015-2146 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2017-10-11 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. | |||||
