13188 matches found
CVE-2008-7059
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter...
CVE-2008-7059
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter...
CVE-2008-7059
CVE-2008-7059 describes an SQL injection vulnerability in the index.php of One-News Beta 2, exploitable via the q parameter. This allows remote attackers to execute arbitrary SQL commands. The issue is classified with a CVSS v2 base score of 7.5 (HIGH) with network access, low complexity, and no ...
CVE-2008-7049
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the 1 txtUsername parameter aka Username and 2 txtPassword parameter aka Password in a form generated by home.asp. NOTE: due to lack of details, it is not...
Sql injection
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect...
Sql injection
SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script AJPoll Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter...
Sql injection
Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be...
Sql injection
SQL injection vulnerability in the MyeGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect...
Sql injection
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the 1 txtUsername parameter aka Username and 2 txtPassword parameter aka Password in a form generated by home.asp. NOTE: due to lack of details, it is not...
CVE-2008-7049
NatterChat is affected by SQL injection in login.asp for versions 1.1 and 1.12, exploitable via the (1) txtUsername and (2) txtPassword fields in the form generated by home.asp. The issue is caused by improper input handling that allows remote attackers to craft SQL commands. OpenVAS and CVE refe...
CVE-2008-7044
A CVE for AJ Square Free Polling Script (AJPoll) Database exposes a SQL injection in admin/include/newpoll.php via the ques parameter. This allows remote attackers to execute arbitrary SQL commands, impacting confidentiality, integrity, and availability. No remediation details are provided in the...
Sql injection
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter...
CVE-2009-2927
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter...
CVE-2009-2933
SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the itemsnumber parameter...
Sql injection
Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the 1 tgslanguageid, 2 tpldir, 3 referer, 4 user-agent, 5 site, 6 option, 7 dboptimization, 8 owner, 9 adminemail, 10 defaultlanguage, and 11 dbhost parameters to...
CVE-2009-2929
CVE-2009-2929 affects TGS Content Management 0.x. The vulnerability is multiple SQL injection points in cms/index.php (parameters including tgs_language_id, tpl_dir, referer, user-agent, site, option, db_optimization, owner, admin_email, default_language, db_host) and cms/frontpage_ception.php (p...
CVE-2009-2924
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the 1 UploadID parameter to videoint.php, and possibly the 2 catid parameter to catvideo.php and 3 uid parameter to cviewchannels.php...
Sql injection
SQL injection vulnerability in 2flygift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action...
Sql injection
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the 1 UploadID parameter to videoint.php, and possibly the 2 catid parameter to catvideo.php and 3 uid parameter to cviewchannels.php...
CVE-2009-2915
SQL injection vulnerability in 2flygift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action...