Export limit exceeded: 366296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19827 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0691 1 Jtl-software 1 Jtl-shop 2025-04-11 N/A
SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter.
CVE-2010-0690 1 Commodityrentals 1 Video Games Rentals 2025-04-11 N/A
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.
CVE-2009-4732 1 Technotoad 1 Tt Web Site Manager 2025-04-11 N/A
SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-3032 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-11 N/A
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message.
CVE-2009-4745 1 Dreamlevels 1 Dreampoll 2025-04-11 N/A
Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action.
CVE-2009-4749 1 Phplivesupport 1 Php Live\! 2025-04-11 N/A
Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.
CVE-2010-0630 1 Evernewscripts 1 Free Joke Script 2025-04-11 N/A
SQL injection vulnerability in viewjokes.php in Evernew Free Joke Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4792 1 Karl Core 1 Bandsite Cms 2025-04-11 N/A
SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php.
CVE-2009-4795 1 Xlightftpd 1 Xlight Ftp Server 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.
CVE-2010-5058 1 Alephsystem 1 Cms Ariadna 2025-04-11 N/A
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4796 1 Glfusion 1 Glfusion 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
CVE-2009-4797 1 Jobhut.spranger 1 Jobhut 2025-04-11 N/A
SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter.
CVE-2009-4805 1 Will Kraft 1 Ez-blog 2025-04-11 N/A
Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php.
CVE-2012-0868 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2025-04-11 N/A
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
CVE-2011-1915 1 Infor 2 Eclient, Enspire Distribution Management Solution 2025-04-11 N/A
SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4884 1 Bernhard Frohlich 1 Phpcom 2025-04-11 N/A
Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.
CVE-2011-4803 2 Bravenewcode, Wordpress 2 Wptouch, Wordpress 2025-04-11 N/A
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4940 1 Zeuscart 1 Zeuscart 2025-04-11 N/A
SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
CVE-2009-4969 1 Typo3 2 Sbanner, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4970 2 Typo3, Typo3-macher 2 Typo3, T3m Affiliate 2025-04-11 N/A
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.