13185 matches found
SQL injection
SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action...
CVE-2010-3461
CVE-2010-3461 (and related CVE-2007-3394) are concrete SQL injection vulnerabilities in eNdonesia 8.4. The issue affects the Publisher module and allows remote attackers to execute arbitrary SQL via the artid parameter (to mod.php) and, for CVE-2007-3394, via the bid parameter to banners.php (in ...
CVE-2010-3458
CVE-2010-3458 describes a SQL injection in Symphony CMS (versions 2.0.7 and 2.1.1) where remote attackers could execute arbitrary SQL via the send-email[recipient] parameter to about/. The OpenVAS entry also notes a broader set of vulnerabilities for Symphony
XMB 1.9.11 Cross Site Request Forgery
...
CVE-2010-3428
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a category action...
CVE-2010-3422
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php...
SQL injection
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a category action...
SQL injection
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method...
SQL injection
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx...
DSA-2103-1 smbind - sql injection
Bulletin has no description...
SQL injection
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATHINFO...
CVE-2010-3212
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATHINFO...
CVE-2010-3207
CVE-2010-3207: A SQL injection in the PHP file index.php of GaleriaSHQIP 1.0 is possible when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to modify the underlying SQL via the album_id parameter, per the NVD entry (base score 6.8, MEDIUM). The affected component is the...
CVE-2010-3211
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action...
CVE-2010-3188
SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via a custom field to the search page...
CVE-2009-4982
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATHINFO to the default URI...
CVE-2009-4985
SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter...
SQL injection
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATHINFO to the default URI...