Search Results (37486 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7232 1 Esri 1 Arcgis Server 2025-04-11 N/A
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.
CVE-2013-3527 1 Vanillaforums 1 Vanilla 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
CVE-2013-7242 1 Zenphoto 1 Zenphoto 2025-04-11 N/A
SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter.
CVE-2010-2047 1 Joenasejes 1 Je Cms 2025-04-11 N/A
SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information.
CVE-2012-5900 1 Samedia 1 Landshop 2025-04-11 N/A
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
CVE-2009-4720 1 Gnudip 1 Gnudip 2025-04-11 N/A
SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2051 1 Debliteck 1 Dbcart 2025-04-11 N/A
SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-1581 1 Wireshark 1 Wireshark 2025-04-11 N/A
The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
CVE-2013-4137 1 Status 1 Statusnet 2025-04-11 N/A
Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format."
CVE-2010-0614 1 Myshell 1 Evalsmsi 2025-04-11 N/A
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.
CVE-2012-2105 1 Peter Kovacs 1 Timesheet Next Gen 2025-04-11 N/A
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
CVE-2012-6507 1 Jason Sexauer 1 Churchcms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action.
CVE-2009-4712 1 Tukanas 1 Easyclassifieds Script 2025-04-11 N/A
SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter.
CVE-2009-4711 2 Jan Bednarik, Typo3 2 Cooluri, Typo3 2025-04-11 N/A
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
CVE-2010-4363 1 Mrcgiguy 1 Freeticket 2025-04-11 N/A
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action.
CVE-2013-1575 1 Wireshark 1 Wireshark 2025-04-11 N/A
The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2010-4887 2 Raphael Zschorsch, Typo3 2 Commentsbe, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4365 2 Harmistechnology, Joomla 2 Com Jeajaxeventcalendar, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.
CVE-2009-4709 2 Dirk Maiwert, Typo3 2 Datamints Newsticker, Typo3 2025-04-11 N/A
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4015 1 Debian 1 Lintian 2025-04-11 N/A
Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.