Export limit exceeded: 364837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19780 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19780 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4942 1 E-xoopport 1 Samsara 2025-04-11 N/A
SQL injection vulnerability in location.php in the eCal module in E-Xoopport Samsara 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2010-3467 1 E-xoopport 1 Samsara 2025-04-11 N/A
SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action.
CVE-2012-1557 1 Parallels 1 Parallels Plesk Panel 2025-04-11 N/A
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.
CVE-2012-1234 1 Advantech 1 Advantech Webaccess 2025-04-11 N/A
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.
CVE-2012-4772 1 Intelliants 1 Subrion Cms 2025-04-11 N/A
SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.
CVE-2010-5287 1 Cstech 1 Webconductor 2025-04-11 N/A
SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4865 1 I-escorts 2 I-escorts Agency Script, I-escorts Directory Script 2025-04-11 N/A
Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.
CVE-2010-1726 1 Alibabaclone 1 Ec21 Clone 2025-04-11 N/A
SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4365 2 Harmistechnology, Joomla 2 Com Jeajaxeventcalendar, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.
CVE-2012-2952 1 Jaow 1 Jaow 2025-04-11 N/A
SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter.
CVE-2010-3461 1 Endonesia 1 Endonesia 2025-04-11 N/A
SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394.
CVE-2010-3458 1 Getsymphony 1 Symphony 2025-04-11 N/A
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
CVE-2010-4363 1 Mrcgiguy 1 Freeticket 2025-04-11 N/A
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action.
CVE-2009-4680 1 Phpdirectorysource 1 Phpdirectorysource 2025-04-11 N/A
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2010-2622 2 Joomanager, Joomla 2 Joomanager, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2009-5088 1 Ideacart 1 Ideacart 2025-04-11 N/A
SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter.
CVE-2009-4667 1 Phpmember 1 Webmember 2025-04-11 N/A
SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter.
CVE-2010-4186 1 Onlinetechtools.com 1 Oasys Professional 2025-04-11 N/A
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4650 2 Joomla, Onnogroen 2 Joomla\!, Com Webeecomment 2025-04-11 N/A
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0112 1 Symantec 1 Im Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp.