Search Results (37415 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4782 1 Softwebsnepal 1 Ananda Real Estate 2025-04-11 N/A
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
CVE-2010-4945 1 Joomla 2 Com Camelcitydb2, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2012-0226 1 Invensys 1 Wonderware Information Server 2025-04-11 N/A
SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4952 2 Joachim Ruhs, Typo3 2 Festat, Typo3 2025-04-11 N/A
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0381 1 Phpmyspace 1 Phpmyspace 2025-04-11 N/A
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4963 1 Hulihanapplications 1 Hulihan Bxr 2025-04-11 N/A
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
CVE-2010-0373 1 Joomla 2 Com Libros, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2010-4989 1 Farsi-cms 1 Ziggurat Farsi Cms 2025-04-11 N/A
SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.
CVE-2013-5015 1 Symantec 2 Endpoint Protection Manager, Protection Center 2025-04-11 N/A
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4770 1 Commodityrentals 1 Dvd Rentals Script 2025-04-11 N/A
SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
CVE-2010-5019 1 2daybiz 1 Online Classified Script 2025-04-11 N/A
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
CVE-2011-4215 1 Oneorzero 1 Aims 2025-04-11 N/A
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.
CVE-2012-0994 1 Zenphoto 1 Zenphoto 2025-04-11 N/A
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
CVE-2012-3516 2 Citrix, Xen 2 Xenserver, Xen 2025-04-11 N/A
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location.
CVE-2010-1498 1 Clausvb 1 Dl Stats 2025-04-11 N/A
Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.
CVE-2010-1499 1 Musicboxv2 1 Musicbox 2025-04-11 N/A
SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-0763 1 Commodityrentals 1 Vacation Rental Software 2025-04-11 N/A
SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action.
CVE-2010-0762 1 Commodityrentals 1 Cd Rental Software 2025-04-11 N/A
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
CVE-2013-5003 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.
CVE-2011-5224 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2025-04-11 N/A
SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.