Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1994 | 1 Tomatocms | 1 Tomatocms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO. | |||||
| CVE-2010-1521 | 1 Taskfreak | 1 Taskfreak\! | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php. | |||||
| CVE-2010-1522 | 2 Joomla, Ordasoft | 2 Joomla\!, Com Booklibrary | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php. | |||||
| CVE-2010-1463 | 1 Webasyst Llc | 1 Shop-script | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product parameters. | |||||
| CVE-2010-1904 | 1 Emc | 1 Rsa Key Manager Client | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data. | |||||
| CVE-2010-1277 | 1 Zabbix | 1 Zabbix | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php. | |||||
| CVE-2010-1078 | 1 Sphere.xlentprojects | 1 Spherecms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism. | |||||
| CVE-2010-0950 | 1 Natychmiast-cms | 1 Natychmiast-cms | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php. | |||||
| CVE-2010-1054 | 1 Parscms | 1 Parscms | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp. | |||||
| CVE-2010-0671 | 1 Michalin | 1 Kr Media Pogodny Cms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action. | |||||
| CVE-2010-0614 | 1 Myshell | 1 Evalsmsi | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions. | |||||
| CVE-2010-0404 | 1 Phpgroupware | 1 Phpgroupware | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/. | |||||
| CVE-2010-0454 | 1 Fabricadigital | 1 Publique\! | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2010-0122 | 1 Timeclock-software | 1 Employee Timeclock Software | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php. | |||||
| CVE-2009-4571 | 1 Phpshop | 1 Phpshop | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681. | |||||
| CVE-2009-4796 | 1 Glfusion | 1 Glfusion | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php. | |||||
| CVE-2009-4884 | 1 Bernhard Frohlich | 1 Phpcom | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php. | |||||
| CVE-2009-4351 | 1 Wscreator | 1 Wscreator | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter. | |||||
| CVE-2009-4719 | 1 Bob Jewell | 1 Discloser | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute arbitrary SQL commands via the more parameter. | |||||
| CVE-2009-4745 | 1 Dreamlevels | 1 Dreampoll | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action. | |||||