Search Results (37493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1704 1 2daybiz 1 Polls Script 2025-04-11 N/A
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.
CVE-2010-3484 1 Lightneasy 1 Lightneasy 2025-04-11 N/A
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.
CVE-2010-2299 1 Google 1 Chrome 2025-04-11 N/A
The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a "Type Confusion" issue.
CVE-2010-1705 1 Rocky.nu 1 Modelbook 2025-04-11 N/A
SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter.
CVE-2011-5235 1 Mnogosearch 1 Mnogosearch 2025-04-11 N/A
SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link.
CVE-2010-1708 1 Freerealty.rwcinc 1 Free Realty 2025-04-11 N/A
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).
CVE-2010-1873 2 Joomla, Jvehicles 2 Joomla\!, Com Jvehicles 2025-04-11 N/A
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-5088 1 Ideacart 1 Ideacart 2025-04-11 N/A
SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter.
CVE-2011-5215 1 2daybiz 1 Video Community Portal Script 2025-04-11 N/A
SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-1706 1 2daybiz 1 Auction Script 2025-04-11 N/A
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1713 1 Postnuke 1 Postnuke 2025-04-11 N/A
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.
CVE-2013-0451 1 Ibm 1 Maximo Asset Management 2025-04-11 N/A
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-3525 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims.
CVE-2010-2621 2 Digia, Qt 2 Qt, Qt 2025-04-11 N/A
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
CVE-2011-5213 1 Browsercrm 1 Browsercrm 2025-04-11 N/A
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
CVE-2010-2623 1 Internetdm 1 Bed And Breakfast 2025-04-11 N/A
SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter.
CVE-2010-1733 1 Ocsinventory-ng 1 Ocs Inventory Ng 2025-04-11 N/A
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2141 1 Nitropowered 1 Nitro Web Gallery 2025-04-11 N/A
SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.
CVE-2012-3477 1 Thomas Hunter 1 Neoinvoice 2025-04-11 N/A
SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action.
CVE-2010-2134 1 Http-solution 1 Project Man 2025-04-11 N/A
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.