Export limit exceeded: 19553 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1676 | 1 Maxdev | 1 Md-pro | 2026-04-16 | N/A |
| SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP. | ||||
| CVE-2006-0403 | 1 E-moblog | 1 E-moblog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NOTE: some sources have reported item 1 as involving the "monthly" parameter, but this is incorrect. | ||||
| CVE-2006-1049 | 1 Joomla | 1 Joomla | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-2259 | 1 Maxxcode | 1 Maxxschedule | 2026-04-16 | N/A |
| SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | ||||
| CVE-2006-4736 | 1 Cms.r. | 1 Cms.r. | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-2157 | 1 Plogger | 1 Plogger | 2026-04-16 | N/A |
| SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246. | ||||
| CVE-2006-1278 | 1 Upoint | 1 \@1 File Store | 2026-04-16 | N/A |
| SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2. | ||||
| CVE-2006-0586 | 1 Oracle | 2 Application Server, Oracle10g | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues. | ||||
| CVE-2006-1018 | 1 Dci-designs | 1 Dawaween | 2026-04-16 | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. | ||||
| CVE-2006-4564 | 1 Simplemachines | 1 Smf | 2026-04-16 | N/A |
| SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. | ||||
| CVE-2006-3318 | 1 Spiffyjr | 1 Phpraid | 2026-04-16 | N/A |
| SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters. | ||||
| CVE-2005-4711 | 1 Neocrome | 1 Land Down Under | 2026-04-16 | N/A |
| SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-3181 | 1 Mobescripts | 1 Mobile Space Community | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter. | ||||
| CVE-2005-1017 | 1 Maxwebportal | 1 Maxwebportal | 2026-04-16 | N/A |
| SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp. | ||||
| CVE-2006-2416 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. | ||||
| CVE-2005-4632 | 1 Vote Pro | 1 Vote Pro | 2026-04-16 | N/A |
| SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | ||||
| CVE-2006-0602 | 1 Hinton Design | 1 Phphg Guestbook | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php. | ||||
| CVE-2006-2301 | 1 Ozzywork | 1 Galeri | 2026-04-16 | N/A |
| SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields. | ||||
| CVE-2003-1244 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. | ||||
| CVE-2006-3139 | 1 Vwar | 1 Virtual War | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters. | ||||