Export limit exceeded: 19622 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19622 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5122 | 1 Softbizscripts | 1 Classifieds Plus Script | 2026-04-23 | N/A |
| SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-5131 | 1 Interspire | 1 Activekb Nx | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected. | ||||
| CVE-2008-2356 | 1 Archangelmgt | 1 Archangel Weblog | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter. | ||||
| CVE-2007-5151 | 1 Nukescripts | 1 Nukesentinel | 2026-04-23 | N/A |
| SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie. | ||||
| CVE-2007-5180 | 1 Ohesa Emlak Portali | 1 Ohesa Emlak Portali | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp. | ||||
| CVE-2008-2380 | 1 Courier-mta | 1 Courtier-authlib | 2026-04-23 | N/A |
| SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes. | ||||
| CVE-2008-2381 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable. | ||||
| CVE-2008-2412 | 1 Acgv.free | 1 Acgv News | 2026-04-23 | N/A |
| SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-2416 | 1 Fichive | 1 Fichive | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter in a Fiction action, possibly related to sources/fiction.class.php. | ||||
| CVE-2007-5402 | 1 Layton Technology | 1 Helpbox | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwdenduser.asp, and the sys_request_id parameter to (3) changerequeststatus.asp, (4) editrequestuser.asp, (5) requestcommentsuser.asp, and (6) useractions.asp, different vectors than CVE-2004-2551. | ||||
| CVE-2007-5430 | 1 Scottmanktelow | 1 Stride Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem. | ||||
| CVE-2007-5488 | 1 Asterisk | 1 Asterisk-addons | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record. | ||||
| CVE-2008-2446 | 1 Wgcc | 1 Web Group Communication Center | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php. | ||||
| CVE-2008-2447 | 1 Mytipper | 1 Zogo Shop | 2026-04-23 | N/A |
| SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2008-2448 | 1 Aspindir | 1 Meto Forum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp. | ||||
| CVE-2008-2454 | 1 Joomla | 1 Com Xsstream-dm | 2026-04-23 | N/A |
| SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php. | ||||
| CVE-2008-2479 | 1 Badongo | 1 Phpfix | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php. | ||||
| CVE-2008-2484 | 1 Xomol | 1 Xomol Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the email parameter. | ||||
| CVE-2008-2487 | 1 Maxsite | 1 Maxsite | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action. | ||||
| CVE-2008-2489 | 1 Typo3 | 1 Sg Zfelib | 2026-04-23 | N/A |
| SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input." | ||||