Lucene search

8250 matches found

ATTACKERKB
added 2007/11/26 10:46 p.m., 3 views

CVE-2007-6125

SQL injection vulnerability in searchform.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sbprotype parameter...

CVSS 7.5, AI score 6.2, EPSS 0.01504
Exploits: 1, References: 6

OSV
added 2007/08/03 8:17 p.m., 2 views

DEBIAN-CVE-2007-4154

SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the pageoptions parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6)...

CVSS 6.5, AI score 8.6, EPSS 0.01899
Exploits: 0, References: 1

ATTACKERKB
added 2007/04/12 7:19 p.m., 2 views

CVE-2007-2006

Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter...

CVSS 7.5, AI score 6.3, EPSS 0.01029
Exploits: 0, References: 4

Positive Technologies
added 2007/03/07 12:0 a.m., 3 views

PT-2007-2717 · Li · Li-Guestbook

Name of the Vulnerable Software and Affected Versions: LI-Guestbook versions 1.1 through 1.2
Description: The issue allows remote attackers to execute arbitrary SQL commands via the country parameter in the guestbook.php file when magic_quotes_gpc is disabled.
Recommendations: For versions 1.1 an...

CVSS 6.8, AI score 8, EPSS 0.01249
Exploits: 0, References: 9

ATTACKERKB
added 2007/03/02 9:18 p.m., 1 view

CVE-2007-1171

SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie...

CVSS 7.5, AI score 6.3, EPSS 0.02053
Exploits: 1, References: 13

OSV
added 2007/01/16 11:28 p.m., 2 views

DEBIAN-CVE-2007-0262

WordPress 2.0.6, and 2.1Alpha 3 SVN:4662, does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as th...

CVSS 7.8, AI score 7, EPSS 0.02433
Exploits: 0, References: 1

Positive Technologies
added 2007/01/16 12:0 a.m., 4 views

PT-2007-1215 · Portix · Portix-Php

Name of the Vulnerable Software and Affected Versions: Portix-PHP version 0.4.2
Description: The issue allows remote attackers to execute arbitrary SQL commands via the username and passwd fields in the login component.
Recommendations: For Portix-PHP version 0.4.2, update to a version that fixes...

CVSS 7.5, AI score 8.4, EPSS 0.01096
Exploits: 0, References: 6

OSV
added 2007/01/09 12:28 a.m., 1 view

DEBIAN-CVE-2007-0107

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7...

CVSS 6.8, AI score 8.7, EPSS 0.07357
Exploits: 1, References: 1

RedHat Linux
added 2006/12/11 11:31 a.m., 3 views

security flaw

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting...

CVSS 9.3, AI score 5.7, EPSS 0.02264
Exploits: 1, References: 4

Positive Technologies
added 2006/11/24 12:0 a.m., 3 views

PT-2006-6735 · Baal · Baalasp Forum

Name of the Vulnerable Software and Affected Versions: BaalAsp forum (affected versions not specified)
Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited through...

CVSS 7.5, AI score 8.1, EPSS 0.01468
Exploits: 1, References: 9

Positive Technologies
added 2006/11/17 12:0 a.m., 5 views

PT-2006-6611 · Funkyasp · Funkyasp Glossary

Name of the Vulnerable Software and Affected Versions: FunkyASP Glossary version 1.0
Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the alpha parameter in the demo/glossary/glossary.asp file.
Recommendations: For FunkyASP Glossary...

CVSS 7.5, AI score 7.9, EPSS 0.01264
Exploits: 1, References: 9

Positive Technologies
added 2006/11/06 12:0 a.m., 5 views

PT-2006-6446 · Unknown · Article Script

Name of the Vulnerable Software and Affected Versions: Article Script versions 1.6.3 and earlier
Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the category parameter in the rss.php file.
Recommendations: For Article Script versions 1.6.3 an...

CVSS 7.5, AI score 7.5, EPSS 0.01264
Exploits: 2, References: 9

Positive Technologies
added 2006/06/05 12:0 a.m., 3 views

PT-2006-3745 · X Cart · X-Cart

Name of the Vulnerable Software and Affected Versions: X-Cart Gold and Pro versions 4.0.18 through 4.1.0 beta 1
Description: The issue allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field in search.php, when the settings specify only "Search in Detailed...

CVSS 9.8, AI score 8.5, EPSS 0.01305
Exploits: 0, References: 6

Positive Technologies
added 2005/12/22 12:0 a.m., 4 views

PT-2005-5169 · Quantum Art · Quantum Art Qp7.Enterprise

Name of the Vulnerable Software and Affected Versions: Quantum Art QP7.Enterprise (affected versions not specified)
Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the p news id parameter to API endpoints such as "news and events...

CVSS 7.5, AI score 8.6, EPSS 0.01172
Exploits: 1, References: 7

Positive Technologies
added 2005/11/04 12:0 a.m., 3 views

PT-2005-4293 · Php · Php Handicapper

Name of the Vulnerable Software and Affected Versions: PHP Handicapper (affected versions not specified)
Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the serviceid parameter in the process signup.php file. The vendor initially disputed this issue,...

CVSS 7.5, AI score 8.7, EPSS 0.01211
Exploits: 0, References: 7

Positive Technologies
added 2005/05/28 12:0 a.m., 4 views

PT-2005-2772 · Os4E · Unknown Product

Name of the Vulnerable Software and Affected Versions: Unknown product by Online Solutions for Educators (OS4E) (affected versions not specified)
Description: The issue allows remote attackers to execute arbitrary SQL commands via the password variable in the login.asp file. This could potentially le...

CVSS 7.5, AI score 7.7, EPSS 0.0112
Exploits: 0, References: 6

Positive Technologies
added 2005/05/25 12:0 a.m., 6 views

PT-2005-2722 · Ezdwc · Ezdwc Newsletterez

Name of the Vulnerable Software and Affected Versions: ezdwc NewsletterEz version 3.0
Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the password parameter in the "login.asp" file.
Recommendations: For ezdwc NewsletterEz version 3.0, conside...

CVSS 7.5, AI score 7.9, EPSS 0.0133
Exploits: 1, References: 5

Positive Technologies
added 2005/05/11 12:0 a.m., 4 views

PT-2005-2567 · Quick.Cart · Quick.Cart

Name of the Vulnerable Software and Affected Versions: Quick.cart version 0.3.0
Description: The issue concerns a potential SQL injection vulnerability in the index.php file of Quick.cart, allegedly allowing remote attackers to execute arbitrary SQL commands via the iCategory parameter. However,...

CVSS 7.5, AI score 8.7, EPSS 0.0121
Exploits: 1, References: 5

Positive Technologies
added 2005/02/17 12:0 a.m., 5 views

PT-2005-1332 · Biborb · Biborb

Name of the Vulnerable Software and Affected Versions: BibORB versions 1.3.2 and earlier
Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the Username or Password variables.
Recommendations: For BibORB versions 1.3.2 and earlier, update to...

CVSS 7.5, AI score 7.6, EPSS 0.01863
Exploits: 2, References: 7

Microsoft Security Update
added 1976/01/01 12:0 a.m., 1 view

SQL Server 2016 RTM Cumulative Update (CU) 1 KB3164674

SQL Server 2016 RTM Cumulative Update (CU) 1 KB3164674...

AI score 7.6
Exploits: 0