Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6427 | 1 Carlosgavazzi | 2 Eos-box Photovoltaic Monitoring System, Eos-box Photovoltaic Monitoring System Firmware | 2012-12-24 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861. | |||||
| CVE-2011-4949 | 1 Egroupware | 2 Egroupware, Egroupware Enterprise Line | 2012-12-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-5183 | 1 Bioinformatics | 1 Ordersys | 2012-12-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/. | |||||
| CVE-2012-4971 | 1 Layton Technology | 1 Helpbox | 2012-12-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp. | |||||
| CVE-2012-5550 | 2 Carlos Carvalhar, Drupal | 2 Time Spent, Drupal | 2012-12-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-4479 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2012-12-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-6039 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2012-11-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter. | |||||
| CVE-2008-3070 | 1 Mybb | 1 Mybb | 2012-11-27 | 7.5 HIGH | N/A |
| Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. | |||||
| CVE-2012-1815 | 1 Emerson | 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation | 2012-10-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-5317 | 1 Bigware | 1 Bigware Shop | 2012-10-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action. | |||||
| CVE-2008-5960 | 1 Tribiq | 1 Tribiq Cms | 2012-10-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4826 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2012-10-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3273 | 1 Fusetalk | 1 Fusetalk | 2012-10-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4246 | 1 Plogger | 1 Plogger | 2012-10-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. | |||||
| CVE-2006-4756 | 1 Accomplishtechnology | 1 Phpmydirectory | 2012-10-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2011-4959 | 1 Silverstripe | 1 Silverstripe | 2012-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-5063 | 1 Vwar | 1 Virtual War | 2012-10-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter. | |||||
| CVE-2011-4638 | 1 Spamtitan | 1 Webtitan | 2012-10-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php. | |||||
| CVE-2012-1603 | 1 Nextbbs | 1 Nextbbs | 2012-10-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. | |||||
| CVE-2012-0973 | 1 Osclass | 1 Osclass | 2012-09-26 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information. | |||||