Export limit exceeded: 19852 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19852 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-0519 1 Gallarific 1 Php Photo Gallery Script 2025-04-11 N/A
SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-2311 1 Php 1 Php 2025-04-11 N/A
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
CVE-2011-1328 1 Radvision 1 Iview Suite 2025-04-11 N/A
SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-1556 1 Aphpkb 1 Aphpkb 2025-04-11 N/A
SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter.
CVE-2011-3394 1 Myrephp 1 Myre Real Estate Software 2025-04-11 N/A
SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2011-4460 1 Bestpractical 1 Rt 2025-04-11 N/A
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.
CVE-2011-4638 1 Spamtitan 1 Webtitan 2025-04-11 N/A
Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php.
CVE-2006-7247 2 Joomla, Mambo-foundation 3 Com Weblinks, Joomla\!, Mambo 2025-04-11 N/A
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2012-0226 1 Invensys 1 Wonderware Information Server 2025-04-11 N/A
SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1029 1 Tubeace 1 Tube Ace 2025-04-11 N/A
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-2086 1 Gajim 1 Gajim 2025-04-11 N/A
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter.
CVE-2012-2306 2 Drupal, Willem Van Der Plaat 2 Drupal, Addressbook 2025-04-11 N/A
SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2338 1 Johan Cwiklinski 1 Galette 2025-04-11 N/A
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.
CVE-2012-2961 1 Symantec 1 Web Gateway 2025-04-11 N/A
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-1204 1 Tableausoftware 1 Tableau Server 2025-04-11 N/A
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.
CVE-2012-3953 1 Phplist 1 Phplist 2025-04-11 N/A
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
CVE-2012-4055 1 Uiga 1 Fan Club 2025-04-11 N/A
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2012-4060 1 Asp-dev 1 Xm Forums 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
CVE-2012-4061 1 Asp-dev 1 Xm Diary 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp.
CVE-2012-5227 1 Peel 1 Peel Shopping 2025-04-11 N/A
SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.