Search Results (37414 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4731 1 Boldfx 1 Model Agency Manager Pro 2025-04-11 N/A
SQL injection vulnerability in photos.php in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2009-4720 1 Gnudip 1 Gnudip 2025-04-11 N/A
SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4712 1 Tukanas 1 Easyclassifieds Script 2025-04-11 N/A
SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter.
CVE-2009-4711 2 Jan Bednarik, Typo3 2 Cooluri, Typo3 2025-04-11 N/A
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
CVE-2009-4709 2 Dirk Maiwert, Typo3 2 Datamints Newsticker, Typo3 2025-04-11 N/A
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4703 1 Typo3 2 Typo3, Ws Gallery 2025-04-11 N/A
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4702 2 Markus Barchfeld, Typo3 2 Pm Tour, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4701 2 Liviu Mitrofan, Typo3 2 Myth Download, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-2847 2 Gonzalo Maser, Joomla 2 Com Artforms, Joomla\! 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
CVE-2009-4695 1 Radscripts 1 Radlance 2025-04-11 N/A
SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
CVE-2010-2912 1 Kayako 1 Esupport 2025-04-11 N/A
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
CVE-2011-5213 1 Browsercrm 1 Browsercrm 2025-04-11 N/A
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
CVE-2010-2926 1 Solucija 1 Snews 2025-04-11 N/A
SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2011-5137 1 Tforum 1 Tforum 2025-04-11 N/A
Multiple SQL injection vulnerabilities in tForum b0.915 allow remote attackers to execute arbitrary SQL commands via the (1) TopicID parameter to viewtopic.php, the (2) BoardID parameter to viewboard.php, or (3) CatID parameter to viewcat.php.
CVE-2009-4673 1 Mole-group 1 Adult Portal Script 2025-04-11 N/A
SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2012-1071 2 Mathieu Vidal, Typo3 2 Mv Cooking, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012.
CVE-2012-1029 1 Tubeace 1 Tube Ace 2025-04-11 N/A
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-1653 1 Broadcom 1 Total Defense 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.
CVE-2011-5201 1 Steveyolam 1 Tinyguestbook 2025-04-11 N/A
Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the (1) name and (2) msg parameters. NOTE: some of these details are obtained from third party information.
CVE-2011-0448 1 Rubyonrails 1 Rails 2025-04-11 N/A
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.