4 matches found
Sql injection
Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-1907
Multiple SQL injection vulnerabilities in functions/displaypage.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) idproduct, (2) idmanufacturer, and (3) idcategory parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and...
CVE-2008-0444
Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the subtext parameter to unspecified components...
CVE-2007-4163
Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 before 20070726 allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) startid, (3) rowparentid, and (4) rowcatid parameters to unspecified components, related to use of these parameters within include/utils.php...