Search Results (19662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1557 1 Parallels 1 Parallels Plesk Panel 2025-04-11 N/A
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.
CVE-2012-0805 2 Redhat, Sqlalchemy 2 Enterprise Linux, Sqlalchemy 2025-04-11 N/A
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
CVE-2010-2905 2 Brotherscripts, Scriptsfeed 2 Scripts Directory, Scripts Directory 2025-04-11 N/A
SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4695 1 Radscripts 1 Radlance 2025-04-11 N/A
SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
CVE-2010-4186 1 Onlinetechtools.com 1 Oasys Professional 2025-04-11 N/A
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-0293 1 Symantec 1 Altiris Wise Package Studio 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-2851 2 Joomla, Ordasoft 2 Joomla\!, Com Booklibrary 2025-04-11 N/A
SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2009-4015 1 Debian 1 Lintian 2025-04-11 N/A
Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.
CVE-2009-4838 1 Secureideas 1 Basic Analysis And Security Engine 2025-04-11 N/A
SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-4871 1 Logoshows 1 Logoshows Bbs 2025-04-11 N/A
SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2009-4872 1 Logoshows 1 Logoshows Bbs 2025-04-11 N/A
Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2009-4883 1 Todd Rogers 1 Phprecipebook 2025-04-11 N/A
SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.
CVE-2009-4889 2 Basti2web, Php-fusion 2 Book Panel, Php-fusion 2025-04-11 N/A
SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter.
CVE-2009-4992 1 Script-shop24 1 Lm Starmail Paidmail 2025-04-11 N/A
SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-4925 1 Creasito 1 Creasito E-commerce Content Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php.
CVE-2009-4933 1 Winterwebs 1 Ezwebitor 2025-04-11 N/A
Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-4954 2 Typo3, Websedit 2 Typo3, Sk Calendar 2025-04-11 N/A
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4947 1 Q2solutions 1 Connx 2025-04-11 N/A
SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter.
CVE-2009-4949 2 Joachim Ruhs, Typo3 2 Locator, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4950 2 Tim Lochmueller \& Thomas Buss, Typo3 2 A21glossary Advanced Output, Typo3 2025-04-11 N/A
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.