13185 matches found
CVE-2012-5291
CVE-2012-5291 is a SQL injection vulnerability in the Posse Softball Director CMS, specifically in the file team.php. The underlying issue allows remote attackers to manipulate the idteam parameter to execute arbitrary SQL commands. This has public exploit code and references (e.g., Exploit-DB en...
CVE-2012-1603
Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function...
CVE-2012-5227
SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2012-5227
CVE-2012-5227 affects Peel SHOPPING versions 2.8 and 2.9, where an SQL injection in administrer/tva.php via the id parameter allows remote execution of arbitrary SQL commands. Root cause: insufficient input validation leading to query composition. Affected software: Peel SHOPPING 2.8/2.9; vulnera...
SQL injection
Multiple SQL injection vulnerabilities in the getsamplefiltersbysignature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id...
CVE-2012-2998
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-5162
Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) editcategorypost or (2) enablecategory action to index.php...
SQLAlchemy: SQL injection
Background: SQLAlchemy is a Python SQL toolkit and Object Relational Mapper. Description: SQLAlchemy does not properly sanitize input passed from the “limit” and “offset” keywords to the select function before using it in an SQL query. Impact: A remote attacker could exploit this vulnerability to...
CVE-2011-5201
Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the (1) name and (2) msg parameters. NOTE: some of these details are obtained from third party information...
SQL injection
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php...
SQL injection
SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2011-5200
CVE-2011-5200: The connected documents confirm multiple SQL injection vulnerabilities in DeDeCMS up to version 5.6/5.7, exploitable via the id parameter in the files list.php, members.php, and book.php. The root cause is unsanitized input allowing remote attackers to execute arbitrary SQL com...
CVE-2012-5098
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php...
CVE-2011-5198
CVE-2011-5198 is a confirmed SQL injection in the Neturf eCommerce Shopping Cart, targeting the search.php endpoint. The vulnerability allows remote attackers to append arbitrary SQL via the SearchFor parameter (no authentication required, network access). CVSS v2 metrics indicate a base score of...