Export limit exceeded: 19010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1487 | 1 Fishnet | 1 Fishcart | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable | ||||
| CVE-2006-4734 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. | ||||
| CVE-2006-4064 | 1 Yenerturk | 1 Yenerturk Haber Script | 2026-04-16 | N/A |
| SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported reported that 2.0 is also affected. | ||||
| CVE-2004-2754 | 1 Yabb | 1 Yabb Se | 2026-04-16 | N/A |
| SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. | ||||
| CVE-2006-4042 | 1 Mywebland | 1 Mybloggie | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. | ||||
| CVE-2004-2751 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | ||||
| CVE-2004-2746 | 1 Pensacola Web Designs | 1 Xtremeasp Photogallery | 2026-04-16 | N/A |
| SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||
| CVE-2005-4040 | 1 Tawbaware | 1 Filelister | 2026-04-16 | N/A |
| SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp. | ||||
| CVE-2004-2737 | 1 Netsupport | 1 Dna Helpdesk | 2026-04-16 | N/A |
| SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter. | ||||
| CVE-2005-4058 | 1 Saralblog | 1 Saralblog | 2026-04-16 | N/A |
| SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php. | ||||
| CVE-2006-4039 | 1 Chaossoft | 1 Gaestechaos | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters. | ||||
| CVE-2004-2716 | 1 Php Heaven | 1 Phpmychat | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. | ||||
| CVE-2005-4071 | 1 Cfmagic | 1 Magic Forum Personal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. | ||||
| CVE-2004-2695 | 2 Jelsoft, Point-to-point Protocol Project | 2 Vbulletin, Point-to-point Protocol | 2026-04-16 | N/A |
| SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267. | ||||
| CVE-2006-4010 | 1 Vwar | 1 Virtual War | 2026-04-16 | N/A |
| SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139. | ||||
| CVE-2004-1553 | 1 Fullrevolution | 1 Aspwebalbum | 2026-04-16 | N/A |
| SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action. | ||||
| CVE-2005-4073 | 1 Cfmagic | 1 Magic List Pro | 2026-04-16 | N/A |
| SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter. | ||||
| CVE-2003-0845 | 2 Jboss, Redhat | 2 Jboss, Enterprise Linux | 2026-04-16 | N/A |
| Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8. | ||||
| CVE-2006-3960 | 1 X-scripts | 1 X-poll | 2026-04-16 | N/A |
| SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2002-2391 | 2 Webchat.org, Xoops | 2 Webchat, Xoops | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. | ||||