Export limit exceeded: 18932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18932 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4935 | 1 Esoftpro | 1 Online Guestbook Pro | 2025-04-11 | N/A |
| SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter. | ||||
| CVE-2009-4891 | 1 Cs-cart | 1 Cs-cart | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action. | ||||
| CVE-2009-4936 | 1 Spirate | 1 Small Pirate | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. | ||||
| CVE-2012-0999 | 1 Lepton-cms | 1 Lepton | 2025-04-11 | N/A |
| SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter. | ||||
| CVE-2009-4872 | 1 Logoshows | 1 Logoshows Bbs | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | ||||
| CVE-2009-4871 | 1 Logoshows | 1 Logoshows Bbs | 2025-04-11 | N/A |
| SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | ||||
| CVE-2009-4870 | 1 Phpcityportal | 1 Phpcityportal | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-0375 | 1 Jce-tech | 1 Php Calendars Script | 2025-04-11 | N/A |
| SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-0404 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/. | ||||
| CVE-2009-4733 | 1 Supercrackmunkey | 1 Simpleloginsys | 2025-04-11 | N/A |
| SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4838 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2025-04-11 | N/A |
| SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-7175 | 1 Avanset | 1 Visual Certexam Manager | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field. | ||||
| CVE-2009-4797 | 1 Jobhut.spranger | 1 Jobhut | 2025-04-11 | N/A |
| SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter. | ||||
| CVE-2010-2133 | 1 Mylittleforum | 1 My Little Forum | 2025-04-11 | N/A |
| SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942. | ||||
| CVE-2009-4796 | 1 Glfusion | 1 Glfusion | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php. | ||||
| CVE-2009-4795 | 1 Xlightftpd | 1 Xlight Ftp Server | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command. | ||||
| CVE-2009-4794 | 1 Community Cms | 1 Community Cms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php. | ||||
| CVE-2009-4749 | 1 Phplivesupport | 1 Php Live\! | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php. | ||||
| CVE-2010-2139 | 1 Multishopcms | 1 Multishop Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4791 | 1 Ryan Haudenschilt | 1 Family Connections | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php. | ||||