Export limit exceeded: 364592 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19763 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19763 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3834 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-11 | N/A |
| SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter. | ||||
| CVE-2009-4698 | 2 Alexandre Amaral, Xoops | 2 Xoops Celepar, Xoops | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php. | ||||
| CVE-2010-1327 | 1 Tornadostore | 1 Tornadostore | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3. | ||||
| CVE-2009-4701 | 2 Liviu Mitrofan, Typo3 | 2 Myth Download, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4702 | 2 Markus Barchfeld, Typo3 | 2 Pm Tour, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4703 | 1 Typo3 | 2 Typo3, Ws Gallery | 2025-04-11 | N/A |
| SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-1522 | 1 Doctrine-project | 5 Doctrine, Doctrine1.2.0, Doctrine1.2.1 and 2 more | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field. | ||||
| CVE-2009-4708 | 2 Maximo Cuadros, Typo3 | 2 Gb Fenewssubmit, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4709 | 2 Dirk Maiwert, Typo3 | 2 Datamints Newsticker, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4710 | 2 Robert Heel, Typo3 | 2 Cwt Resetbepassword, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4711 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686. | ||||
| CVE-2009-4712 | 1 Tukanas | 1 Easyclassifieds Script | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter. | ||||
| CVE-2010-4363 | 1 Mrcgiguy | 1 Freeticket | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action. | ||||
| CVE-2010-1078 | 1 Sphere.xlentprojects | 1 Spherecms | 2025-04-11 | N/A |
| SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism. | ||||
| CVE-2011-5139 | 1 Preprojects | 1 Business Cards Designer | 2025-04-11 | N/A |
| SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2011-5140 | 1 Diy-cms | 2 Blog, Diy-cms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php. | ||||
| CVE-2010-1070 | 1 Imagoscripts | 1 Deviant Art Clone | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action. | ||||
| CVE-2010-3608 | 1 Wire Plastic Design | 1 Wpquiz | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php. | ||||
| CVE-2012-3477 | 1 Thomas Hunter | 1 Neoinvoice | 2025-04-11 | N/A |
| SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action. | ||||
| CVE-2010-3458 | 1 Getsymphony | 1 Symphony | 2025-04-11 | N/A |
| SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. | ||||