CVE-2009-3970
The CVE-2009-3970 entry describes a SQL injection in index.php of PHP Dir Submit (also WebsiteSubmitter/Submitter Script). The vulnerability is triggered by the aid parameter in a showarticle action, allowing remote authenticated users to execute arbitrary SQL commands. Affected software is PHP D...
CVE-2009-3974
Invision Power Board (IPB/IP.Board) 3.0.0–3.0.2 is vulnerable to multiple SQL injection flaws. The issues affect input handling for two parameters: (1) search_term in admin/applications/core/modules_public/search/search.php and (2) aid in admin/applications/core/modules_public/global/lostpass.php...
CVE-2009-3973
The CVE relates to a SQL injection in index.php of Turnkey Arcade Script. The vulnerability is triggered via the id parameter in actions (play or browse) and allows remote attackers to execute arbitrary SQL commands, reflecting a classic server-side injectable vector. The connected data confirms ...
CVE-2009-3965
SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter...
Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)
Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...
SQL injection
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter...
CVE-2009-3913
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter...
SQL injection
SQL injection vulnerability in the JShop comjshop component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php...
SQL injection
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified...
CVE-2009-3632
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified...
SQL injection
SQL injection vulnerability in the Flagbit Filebase fbfilebase extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2009-3820
SQL injection vulnerability in the Flagbit Filebase fbfilebase extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topicid parameter...
SQL injection
SQL injection vulnerability in feedbackjs.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter...
SQL injection
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
SQL injection
Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forumid variable to modules/forum/class/class.permissions.php...
CVE-2009-3806
SQL injection vulnerability in feedbackjs.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter...
SQL injection
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter...