CVE-2008-2774

SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter, a different vector than CVE-2007-4736...

PT-2008-3304 · Blogator · Blogator-Script

Name of the Vulnerable Software and Affected Versions: Blogator-script version 0.95 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id art parameter in the blogadata/include/sond result.php file. Recommendations: For Blogator-script versi...

CVE-2008-0565

CVE-2008-0565 concerns a SQL injection in DeltaScripts PHP Links 1.3 and earlier, exploitable via the id parameter in vote.php. The vulnerability is documented with affected software and root cause: unsafely constructed SQL in vote.php allows remote SQL command execution. The available connected ...

CVE-2007-6462

SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter...

DEBIAN-CVE-2007-3905

SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the order parameter to 1 photos.php and 2 editphotos.php...

CVE-2007-1882

qcbin/servlet/tdservlet/TDAPIGeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method...

PT-2005-4664 · Randshop · Randshop

Name of the Vulnerable Software and Affected Versions: Randshop affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the kategorieid and katid parameters in the themes/kategorie/index.php file. Recommendations: At t...

PT-2005-2552 · Asp · Asp Virtual News Manager

Name of the Vulnerable Software and Affected Versions: ASP Virtual News Manager affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the password parameter in the admin login.asp file. This can be exploited by sending malicious input...

CVE-2004-2062

SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the 1 threadid, 2 parentid, or 3 mode parameters...

CVE-2004-1515

SQL injection vulnerability in 1 ttlast.php and 2 last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php...

PT-2004-2553 · Unknown · Password Protect

Name of the Vulnerable Software and Affected Versions: Password Protect affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL statements and bypass authentication. This can be achieved through various parameters and files, including 1 admin or Pas...

CVE-2004-0543

Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries...

CVE-2001-1089

libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request...

CVE-2000-1233

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter...