Vulnerabilities (CVE)

Filtered by CWE-89
Total 17802 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1676 1 Maxdev 1 Md-pro 2025-04-03 6.4 MEDIUM N/A
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP.
CVE-2006-0586 1 Oracle 2 Application Server, Oracle10g 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues have been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues.
CVE-2005-2035 1 Cool Cafe Chat 1 Cool Cafe Chat 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.
CVE-2005-1500 1 Mywebland 1 Mybloggie 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
CVE-2005-4515 1 Lois Software 1 Webdb 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the clients of Lois Software. The flaw that was identified was some code that was added for a client to do some testing of his system and only certain safe commands were allowed. This code has now been removed and it is not now possible to use SQL queries as part of the query string. No installation or patch is required. All clients use a common code library and have their own front end and databases and connections. So as soon as a change / upgrade / enhancement is made to the code, all users of the software begin to use the latest changes immediately." Since the issue appeared in a custom web site and no action is required on the part of customers, this issue should not be included in CVE.
CVE-2004-2746 1 Pensacola Web Designs 1 Xtremeasp Photogallery 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2005-3845 1 Ezinvoiceinc 1 Ez Invoice Inc 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patch available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue."
CVE-2006-2103 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 2.1 LOW N/A
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.
CVE-2002-0999 1 Care 2002 1 Care 2002 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.
CVE-2005-4228 1 Phpwebgallery 1 Phpwebgallery 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier.
CVE-2006-1751 1 Michiel Van Baak 1 Mvblog 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-4195 2 Internet Scout, Internet Scout Project 2 Scout Portal Toolkit, Scout Portal Toolkit 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.
CVE-2005-0252 1 Guillaumegardey 1 Biborb 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.
CVE-2005-4495 1 Spiremedia 1 Mx7 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax.
CVE-2005-4711 1 Neocrome 1 Land Down Under 2025-04-03 6.8 MEDIUM N/A
SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4073 1 Cfmagic 1 Magic List Pro 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter.
CVE-2003-1532 1 Julien Desaunay 1 Phpmyshop 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.
CVE-2002-2305 1 Phpsecure.org 1 Immobilier 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter.
CVE-2004-0366 1 Pam-pgsql 1 Pam-pgsql 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.
CVE-2004-2737 1 Netsupport 1 Dna Helpdesk 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.