Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0281 | 1 Warhound | 1 Walking Club | 2025-04-09 | N/A |
| SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||
| CVE-2007-0350 | 1 Sme | 1 Filemailer | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346. | ||||
| CVE-2009-0292 | 1 Shop-inet | 1 Shop-inet | 2025-04-09 | N/A |
| SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter. | ||||
| CVE-2009-0295 | 1 Itlpoll | 1 Itpoll | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-0297 | 1 Clicktech | 1 Clickauction | 2025-04-09 | N/A |
| SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6747 | 1 Dreaxteam | 1 Xt-news | 2025-04-09 | N/A |
| SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. | ||||
| CVE-2009-0963 | 1 Xlinesoft | 1 Phprunner | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php. | ||||
| CVE-2007-6586 | 1 Niclor | 1 Niclor | 2025-04-09 | N/A |
| SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php. | ||||
| CVE-2007-6579 | 1 Ip Reg | 1 Ip Reg | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. NOTE: it was later reported that the vlanview.php and vlandel.php vectors are also in 0.4. | ||||
| CVE-2007-6578 | 1 Zeak.net | 1 Php Zlink | 2025-04-09 | N/A |
| SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6457 | 2 Typo3, Walnutstreet | 2 Typo3, Cgswigmore | 2025-04-09 | N/A |
| SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-0709 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2025-04-09 | N/A |
| SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0706 | 3 Joomla, Mambo, Simple-review | 3 Joomla, Mambo, Com Simple Review | 2025-04-09 | N/A |
| SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. | ||||
| CVE-2008-0133 | 1 Thomas Perez | 1 Tribisur | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action. | ||||
| CVE-2006-7170 | 1 Koan Software | 1 Mega Mall | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php. | ||||
| CVE-2007-5430 | 1 Scottmanktelow | 1 Stride Cms | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem. | ||||
| CVE-2008-0279 | 1 Xforum | 1 Xforum | 2025-04-09 | N/A |
| SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected. | ||||
| CVE-2008-0142 | 1 Webportal | 1 Webportal Cms | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors. | ||||
| CVE-2008-4497 | 1 Built2go | 1 Real Estate Listings | 2025-04-09 | N/A |
| SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | ||||
| CVE-2007-6288 | 1 Tecnick.com | 1 Tcexam | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||