Total
14138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3960 | 1 X-scripts | 1 X-poll | 2024-11-21 | N/A |
| SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3904 | 1 Etomite | 1 Etomite | 2024-11-21 | N/A |
| SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-3823 | 1 Geodesicsolutions | 2 Geoauctions Premier, Geoclassifieds Basic | 2024-11-21 | N/A |
| SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter. | ||||
| CVE-2006-3775 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-11-21 | N/A |
| SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php. | ||||
| CVE-2006-3688 | 1 Francisco Charrua | 1 Photo-gallery | 2024-11-21 | N/A |
| SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3430 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2024-11-21 | N/A |
| SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. | ||||
| CVE-2006-3318 | 1 Spiffyjr | 1 Phpraid | 2024-11-21 | N/A |
| SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters. | ||||
| CVE-2006-3181 | 1 Mobescripts | 1 Mobile Space Community | 2024-11-21 | N/A |
| SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter. | ||||
| CVE-2006-3139 | 1 Vwar | 1 Virtual War | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters. | ||||
| CVE-2006-3064 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | N/A |
| SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. | ||||
| CVE-2006-3048 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-2977 | 1 Mafia Moblog | 1 Mafia Moblog | 2024-11-21 | N/A |
| SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter. | ||||
| CVE-2006-2973 | 1 Php Lite | 1 Calendar Express | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c. | ||||
| CVE-2006-2760 | 1 Warpspeed | 1 4nforum | 2024-11-21 | N/A |
| SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | ||||
| CVE-2006-2416 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. | ||||
| CVE-2006-2363 | 1 Limbo Cms | 1 Limbo Cms | 2024-11-21 | N/A |
| SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2006-2301 | 1 Ozzywork | 1 Galeri | 2024-11-21 | N/A |
| SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields. | ||||
| CVE-2006-2268 | 1 Flexcustomer | 1 Flexcustomer | 2024-11-21 | N/A |
| SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected. | ||||
| CVE-2006-2259 | 1 Maxxcode | 1 Maxxschedule | 2024-11-21 | N/A |
| SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | ||||
| CVE-2006-2239 | 1 Tuomas Airaksinen | 1 Newsadmin | 2024-11-21 | N/A |
| SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows remote attackers to execute arbitrary SQL commands via the nid parameter. | ||||