Search Results (19368 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5561 1 Netref 1 Netref 2026-04-23 N/A
SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.
CVE-2008-5571 1 Dotnetindex 1 Professional Download Assistant 2026-04-23 N/A
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
CVE-2008-5589 1 Katywhitton 1 Rankem 2026-04-23 N/A
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2006-5606 1 Bytesfall Explorer 1 Bytesfall Explorer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors.
CVE-2008-7119 1 Webidsupport 1 Webid 2026-04-23 N/A
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6337 1 Aspindir 1 Aspee Ziyaretci Defteri 2026-04-23 N/A
Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter.
CVE-2008-2443 1 Therealestatescript 1 The Real Estate Script 2026-04-23 N/A
SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter.
CVE-2008-5627 1 Activewebsoftwares 1 Active Trade 2026-04-23 N/A
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-7120 1 Mrcgiguy 1 Hot Links Sql-php 2026-04-23 N/A
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
CVE-2006-6367 1 Duware 3 Dudownload, Dunews, Dupaypal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
CVE-2008-2451 1 Inmedias 1 Statistics 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-2460 1 Vbulletin 1 Vbulletin 2026-04-23 N/A
SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action.
CVE-2008-5631 1 Activewebsoftwares 1 Active Ewebquiz 2026-04-23 N/A
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5633 1 Activewebsoftwares 1 Activevotes 2026-04-23 N/A
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2006-6402 1 Mystats 1 Mystats 2026-04-23 N/A
SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter.
CVE-2008-2479 1 Badongo 1 Phpfix 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.
CVE-2008-5635 1 Activewebsoftwares 1 Active Membership 2026-04-23 N/A
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2006-7089 1 Ban 1 Ban 2026-04-23 N/A
SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-7118 1 Dmxready 1 Site Engine Manager 2026-04-23 N/A
SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2006-7138 1 Oracle 1 Apex 2026-04-23 N/A
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.