Search Results
- Results Type: Overview
- Search Type: Search All
- Category (CWE): CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-1573 | SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. Published: March 21, 2007; 5:19:00 PM -0400 | V3.x: (not available) V2.0: 6.0 MEDIUM |
CVE-2007-1548 | SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp. Published: March 20, 2007; 6:19:00 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2006-7170 | Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php. Published: March 20, 2007; 6:19:00 AM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-1469 | SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. Published: March 16, 2007; 5:19:00 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2006-7138 | SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven. Published: March 07, 2007; 3:19:00 PM -0500 | V3.x: (not available) V2.0: 6.0 MEDIUM |
CVE-2007-1302 | SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected. Published: March 06, 2007; 7:19:00 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2006-7116 | SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php. Published: March 05, 2007; 8:19:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2006-7118 | SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. Published: March 05, 2007; 8:19:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-1250 | SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. Published: March 03, 2007; 3:19:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2006-7089 | SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. Published: March 02, 2007; 4:18:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-1154 | SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782. Published: March 02, 2007; 4:18:00 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2007-1163 | SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. Published: March 02, 2007; 4:18:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-1166 | SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter. Published: March 02, 2007; 4:18:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-1171 | SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie. Published: March 02, 2007; 4:18:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2006-7025 | SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter. Published: February 22, 2007; 10:28:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-1026 | SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information. Published: February 21, 2007; 6:28:00 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-1034 | SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter. Published: February 21, 2007; 6:28:00 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-0984 | SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp. Published: February 16, 2007; 6:28:00 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-0985 | SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action. Published: February 16, 2007; 6:28:00 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-0875 | SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database. Published: February 12, 2007; 2:28:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |