Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1741 | 1 Dutchmonkey | 1 Dm Filemanager | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | |||||
| CVE-2009-1508 | 1 Keir Davis | 1 X-forum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php. | |||||
| CVE-2009-1317 | 1 Aquacms | 1 Aqua Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php. | |||||
| CVE-2009-1742 | 1 Pc4arb | 1 Pc4 Uploader | 2017-09-29 | 7.5 HIGH | N/A |
| code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function. | |||||
| CVE-2009-1819 | 1 2daybiz | 1 Custom T-shirt Design Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2034 | 1 Ricardo Alexandre De Oliveira Staudt | 1 Yogurt | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter. | |||||
| CVE-2009-1347 | 1 Chcounter | 1 Chcounter | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field). | |||||
| CVE-2009-1032 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter. | |||||
| CVE-2009-1548 | 1 Qsix | 1 Blusky Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action. | |||||
| CVE-2009-2102 | 2 Com Jumi, Joomla | 2 Com Jumi, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php. | |||||
| CVE-2009-1747 | 1 26thavenue | 1 Bspeak | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action. | |||||
| CVE-2009-1751 | 1 Realtywebware | 1 Realty Web-base | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1229 | 1 Arcadwy | 1 Arcadwy Arcade Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter. | |||||
| CVE-2009-0768 | 1 Yapbb | 1 Yapbb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action. | |||||
| CVE-2009-1736 | 1 Joomla | 2 Com Gsticketsystem, Joomla\! | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. | |||||
| CVE-2009-2154 | 1 Sappy.dk | 1 Impleo Music Collection | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-2013 | 1 Frontisgroup | 1 Frontis | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action. | |||||
| CVE-2009-0965 | 1 Ismail Fahmi | 1 Ganesha Digital Library | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php. | |||||
| CVE-2009-2099 | 2 Ijoomla, Joomla | 2 Com Rssfeeder, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php. | |||||
| CVE-2009-1655 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password. | |||||