13186 matches found
CVE-2010-2042
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-2042
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-2016
SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter...
Sql injection
SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter...
Sql injection
Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter in a viewinbox action to cp/cpmessages.php or 2 the id parameter to cp/editemail.php...
Sql injection
SQL injection vulnerability in function.php in MigasCMS 1.1, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information...
CVE-2010-2016
SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter...
CVE-2010-2012
Overview: CVE-2010-2012 describes an SQL injection in MigasCMS 1.1. Affected software/component: MigasCMS 1.1; vulnerable code path is in function.php. Root cause / trigger: When magic_quotes_gpc is disabled, an attacker can manipulate the categorie parameter in a catalogo action to execute arbit...
CVE-2010-1994
SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATHINFO...
Sql injection
SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATHINFO...
CVE-2010-1994
SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATHINFO...
CVE-2010-1994
TomatoCMS is affected by a SQL injection in the /news/search handler. The vulnerability is triggered via the q parameter (e.g., q=) and creates injectable SQL in conjunction with the PATH_INFO /news/search. Affects TomatoCMS prior to 2.0.5; 2.0.5 fixes the issue, with the vulnerability reappearin...
Multiple Vulnerabilities in boastMachine
High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in boastMachine which could be exploited to perform cross-site scripting attacks and execute arbitrary SQL commands in applications database. 1 Cross-site scripting XSS vulnerability in boastMachine The vulnerability...
CVE-2010-0404
Multiple SQL injection vulnerabilities in phpGroupWare phpgw before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 class.sessionsdb.inc.php, 2 class.translationsql.inc.php, or 3 class.authsql.inc.php in phpgwapi/inc/...
CVE-2010-1924
SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter...
Sql injection
SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter...
Sql injection
SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817...
Sql injection
SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action...
CVE-2010-1925
SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817...