Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3319 | 1 Dimofinf | 1 Dawaween | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. | |||||
| CVE-2009-3494 | 1 Todor Lazarov | 1 T-htb Manager | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors. | |||||
| CVE-2009-3439 | 1 Alienvault | 1 Ossim | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu. | |||||
| CVE-2009-2734 | 1 Achievo | 1 Achievo | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php. | |||||
| CVE-2009-2579 | 1 Cs-cart | 1 Cs-cart | 2018-10-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2. | |||||
| CVE-2009-2451 | 1 Mim.infinix | 1 Infinix | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form. | |||||
| CVE-2009-2598 | 1 Onlinegrades | 1 Online Grades | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php. | |||||
| CVE-2009-2573 | 1 Bioscripts | 1 Minitwitter | 2018-10-10 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php. | |||||
| CVE-2009-2608 | 1 Chatelao | 1 Php Address Book | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565. | |||||
| CVE-2009-2290 | 2 Joomla, Kim Eckert | 2 Joomla\!, Com Bsadv | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. | |||||
| CVE-2009-2359 | 1 Yasinkaplan | 1 Tekradius | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command. | |||||
| CVE-2009-2157 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the delreport parameter to takedelreport.php; (12) the delreq parameter to takedelreq.php; (13) the clases parameter to takestaffmess.php; and (14) the warndisable parameter to takewarndisable.php; and allow remote attackers to execute arbitrary SQL commands via (15) the wherecatin parameter to browse.php, (16) the limit parameter to today.php, and (17) the where parameter to torrents-details.php. | |||||
| CVE-2009-2036 | 1 Geekbill | 1 Open Biller | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-2354 | 1 Nulllogic | 1 Groupware | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-2164 | 1 Kjtechforce | 1 Mailman | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php. | |||||
| CVE-2009-2269 | 1 Phome Empire | 1 Phome Empire Cms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. | |||||
| CVE-2009-2097 | 1 Zokisoft | 1 Zoki Catalog | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2361 | 1 Osticket | 1 Osticket | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. | |||||
| CVE-2009-1910 | 1 Rafal Kucharski | 1 Rtwebalbum | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter. | |||||
| CVE-2009-2010 | 1 Haudenschilt | 1 Family Connections Cms | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter. | |||||