13188 matches found
Oracle Database Trigger MDSYS.SDO_TOPO_DROP_FTBL SQL Injection (CVE-2008-3979)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects such as procedures, functions, triggers, variables, constants, cursors, and exceptions, are provided in order t...
Sql injection
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file CourseTitle."...
CVE-2009-4305
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file CourseTitle."...
Sql injection
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2009-4238
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via 1 the Test Case ID field to lib/general/navBar.php or 2 the logLevel parameter to lib/events/eventviewer.php...
Sql injection
SQL injection vulnerability in mainforum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter...
Sql injection
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the 1 contid and 2 courcid parameters in a pregled action. NOTE: some of these details are obtained from third party information...
CVE-2009-4256
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the 1 contid and 2 courcid parameters in a pregled action. NOTE: some of these details are obtained from third party information...
Sql injection
Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via 1 the catid parameter in the PATHINFO to the default URI or 2 the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenance of...
CVE-2009-4229
CVE-2009-4229 involves multiple SQL injection vulnerabilities in ActiveBids (ActiveWebSoftwares). The affected component is the Active Bids web application, with vulnerabilities exploitable through (1) the catid parameter in the PATH_INFO to the default URI and (2) the catid parameter to default....
Sql injection
SQL injection vulnerability in the Itamar Elharar MusicGallery commusicgallery component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained...
Sql injection
SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767...
CVE-2009-4218
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience JBSX allow remote attackers to execute arbitrary SQL commands via the 1 admin or 2 password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are...
CVE-2009-4221
SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767...
Sql injection
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in the osnews module in Open-school OS 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php...
CVE-2009-4206
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2009-4204
SQL injection vulnerability in read.php in Flashlight Free Edition allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2009-4206
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2009-4198
SQL injection vulnerability in myorders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action...