DEBIAN-CVE-2008-5813

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information...

CVE-2008-4633

SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."...

CVE-2008-4590

Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via 1 the username parameter to admin/login.php and 2 the post parameter to admin/news.php...

DEBIAN-CVE-2008-4078

SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

PT-2008-5381 · Ledgersmb +2 · Ledgersmb +2

Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.2.15 SQL-Ledger versions prior to 2.8.18 Description: The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This is a SQL injection vulnerability in the AR/AP...

CVE-2008-2823

SQL injection vulnerability in newsarchive.php in PHPeasyblog formerly phpeasynews 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter...

CVE-2008-2767

SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter...

CVE-2008-2762

SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter...

Owl SQL injection vulnerability

Overview Owl, an open source document management and publishing system, contains an SQL injection vulnerability. Impact A remote attacker may modify or steal the database contents. Solution None...

Moderate: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0CP02 security update

Updated JBoss Enterprise Application Platform JBEAP packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform JBEAP is a middleware platform for Java 2...

EJBQL injection via 'order' parameter

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter...

EJBQL injection via 'order' parameter

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter...

PT-2008-2241 · WordPress · Dmsguestbook

Name of the Vulnerable Software and Affected Versions: DMSGuestbook version 1.7.0 Description: A SQL injection issue exists in the administration panel of the DMSGuestbook plugin for WordPress, allowing remote authenticated administrators to execute arbitrary SQL commands. It is unclear whether...

CVE-2007-6670

SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter...

DEBIAN-CVE-2007-6171

SQL injection vulnerability in the Postgres Realtime Engine resconfigpgsql in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors...

CVE-2007-6125

SQL injection vulnerability in searchform.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sbprotype parameter...

DEBIAN-CVE-2007-4154

SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the pageoptions parameter to 1 options-general.php, 2 options-writing.php, 3 options-reading.php, 4 options-discussion.php, 5 options-privacy.php, 6...

CVE-2007-2006

Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the 1 login or 2 pass parameter...

PT-2007-2717 · Li · Li-Guestbook

Name of the Vulnerable Software and Affected Versions: LI-Guestbook versions 1.1 through 1.2 Description: The issue allows remote attackers to execute arbitrary SQL commands via the country parameter in the guestbook.php file when magic quotes gpc is disabled. Recommendations: For versions 1.1 an...

CVE-2007-1171

SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie...