Search Results (Refine Search)
- Results Type: Overview
- Search Type: Search All
- Category (CWE): CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2005-3845 |
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue." Published: November 26, 2005; 5:03:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3817 |
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module. Published: November 25, 2005; 9:03:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3744 |
SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php. Published: November 22, 2005; 6:03:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3748 |
SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. Published: November 22, 2005; 6:03:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3686 |
SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php. Published: November 18, 2005; 8:03:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3646 |
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. Published: November 17, 2005; 6:02:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3543 |
SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. Published: November 16, 2005; 2:42:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2005-3553 |
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). Published: November 16, 2005; 2:42:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3497 |
SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying "this is 100% false reporting, this is a slander campaign from a customer who had a vulnerability in his SERVER not the software." However, followup investigation strongly suggests that the original report is correct Published: November 03, 2005; 7:02:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3365 |
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11. Published: October 30, 2005; 9:34:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3325 |
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters. Published: October 27, 2005; 6:02:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3046 |
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field. Published: September 23, 2005; 8:03:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2005-2983 |
SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. Published: September 19, 2005; 8:03:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-2035 |
SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password. Published: June 16, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-1487 |
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable Published: May 11, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-1500 |
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well. Published: May 11, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-0252 |
SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-1017 |
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp. Published: May 02, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-0413 |
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier. Published: April 27, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-1553 |
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action. Published: December 31, 2004; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |