Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-5060 1 Internet-works 1 Nus Newssystem 2025-04-11 N/A
SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-5967 1 Alienvault 1 Open Source Security Information Management 2025-04-11 N/A
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
CVE-2010-5047 1 V-eva 1 Press Release Script 2025-04-11 N/A
SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-2050 1 Redhat 3 Cloudforms Management Engine, Cloudforms Managementengine, Manageiq Enterprise Virtualization Manager 2025-04-11 N/A
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.
CVE-2010-3479 1 Boutikone 1 Boutikone 2025-04-11 N/A
SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2010-0761 1 Commodityrentals 1 Books\/ebooks Rentals Script 2025-04-11 N/A
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.
CVE-2011-5230 1 Seotoaster 1 Seotoaster 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.
CVE-2013-5120 1 Phpfox 1 Phpfox 2025-04-11 N/A
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
CVE-2012-3477 1 Thomas Hunter 1 Neoinvoice 2025-04-11 N/A
SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action.
CVE-2010-1660 1 Clscript 1 Clscript Classifieds Script 2025-04-11 N/A
SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter.
CVE-2012-0805 2 Redhat, Sqlalchemy 2 Enterprise Linux, Sqlalchemy 2025-04-11 N/A
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
CVE-2013-5091 1 Vtiger 1 Vtiger Crm 2025-04-11 N/A
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
CVE-2010-2905 2 Brotherscripts, Scriptsfeed 2 Scripts Directory, Scripts Directory 2025-04-11 N/A
SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-2925 1 Simple Php Agenda 1 Simple Php Agenda 2025-04-11 N/A
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.
CVE-2012-4673 1 Thomas Hunter 1 Neoinvoice 2025-04-11 N/A
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477.
CVE-2011-5139 1 Preprojects 1 Business Cards Designer 2025-04-11 N/A
SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-2826 1 Cisco 1 Wireless Control System Software 2025-04-11 N/A
SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.
CVE-2013-6936 1 Mybb 1 Ajax Forum Stat 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
CVE-2011-1060 1 Webmastersite 1 Wsn Guest 2025-04-11 N/A
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.
CVE-2012-5313 1 Snitz Communications 1 Snitz Forums 2000 2025-04-11 N/A
SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.