Export limit exceeded: 19852 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19852 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-0519 | 1 Gallarific | 1 Php Photo Gallery Script | 2025-04-11 | N/A |
| SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2012-2311 | 1 Php | 1 Php | 2025-04-11 | N/A |
| sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. | ||||
| CVE-2011-1328 | 1 Radvision | 1 Iview Suite | 2025-04-11 | N/A |
| SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-1556 | 1 Aphpkb | 1 Aphpkb | 2025-04-11 | N/A |
| SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter. | ||||
| CVE-2011-3394 | 1 Myrephp | 1 Myre Real Estate Software | 2025-04-11 | N/A |
| SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2011-4460 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account. | ||||
| CVE-2011-4638 | 1 Spamtitan | 1 Webtitan | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php. | ||||
| CVE-2006-7247 | 2 Joomla, Mambo-foundation | 3 Com Weblinks, Joomla\!, Mambo | 2025-04-11 | N/A |
| SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | ||||
| CVE-2012-0226 | 1 Invensys | 1 Wonderware Information Server | 2025-04-11 | N/A |
| SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1029 | 1 Tubeace | 1 Tube Ace | 2025-04-11 | N/A |
| SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-2086 | 1 Gajim | 1 Gajim | 2025-04-11 | N/A |
| SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. | ||||
| CVE-2012-2306 | 2 Drupal, Willem Van Der Plaat | 2 Drupal, Addressbook | 2025-04-11 | N/A |
| SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-2338 | 1 Johan Cwiklinski | 1 Galette | 2025-04-11 | N/A |
| SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php. | ||||
| CVE-2012-2961 | 1 Symantec | 1 Web Gateway | 2025-04-11 | N/A |
| SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-1204 | 1 Tableausoftware | 1 Tableau Server | 2025-04-11 | N/A |
| SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled. | ||||
| CVE-2012-3953 | 1 Phplist | 1 Phplist | 2025-04-11 | N/A |
| SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | ||||
| CVE-2012-4055 | 1 Uiga | 1 Fan Club | 2025-04-11 | N/A |
| SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||||
| CVE-2012-4060 | 1 Asp-dev | 1 Xm Forums | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp. | ||||
| CVE-2012-4061 | 1 Asp-dev | 1 Xm Diary | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp. | ||||
| CVE-2012-5227 | 1 Peel | 1 Peel Shopping | 2025-04-11 | N/A |
| SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||