Total
15329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1934 | 1 Sourcefabric | 1 Newscoop | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. | |||||
| CVE-2010-4736 | 1 Gatesoft | 1 Docusafe | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-6497 | 1 Rubyonrails | 1 Rails | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product. | |||||
| CVE-2010-0469 | 1 Files2links | 1 F2l 3000 Appliance | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, and possibly other versions and models, allows remote attackers to execute arbitrary SQL commands via unspecified parameters to the login page. | |||||
| CVE-2010-0980 | 1 Mitchell Sleeper | 1 L4d Stats | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter. | |||||
| CVE-2010-0720 | 1 Systemsoftware | 1 Erotik Auktionshaus | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in Erotik Auktionshaus allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2019 | 1 Bukulokomedia | 1 Lokomedia Cms | 2025-04-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2011-3688 | 1 Sonexis | 1 Conferencemanager | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp. | |||||
| CVE-2012-5294 | 1 Mystorexpress | 1 Tienda Virtual | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-4996 | 1 Rivetcode | 1 Rivettracker | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php. | |||||
| CVE-2011-4847 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/. | |||||
| CVE-2012-1116 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-0135 | 1 Chatelao | 1 Php Address Book | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php. | |||||
| CVE-2011-0407 | 1 Phenotype-cms | 1 Phenotype Cms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4916 | 1 Coldgen | 1 Coldusergroup | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter. | |||||
| CVE-2010-0973 | 1 Scripteverkauf | 1 Domain Verkaus And Auktions Portal | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-1857 | 1 Realitymedias | 1 Repairshop2 | 2025-04-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-2740 | 1 Phplist | 1 Phplist | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. | |||||
| CVE-2010-4972 | 1 Ypninc | 1 Jokescript | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncat_id parameter. | |||||
| CVE-2011-5071 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information. | |||||