Search Results (37027 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2856 1 Ownrs 1 Ownrs 2026-04-23 N/A
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2847 1 Softdivision 1 Maxtrade Aoi 2026-04-23 N/A
SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.
CVE-2008-5003 1 Shahrood 1 Shahrood 2026-04-23 N/A
SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4095 1 Bsm Store 1 Dependent Forums 2026-04-23 N/A
SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp.
CVE-2008-2845 1 Mybizz-classifieds 1 Mybizz-classifieds 2026-04-23 N/A
SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-6640 1 Aspindir 1 Batmanportal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4659 1 Typo3 2 Mannschaftsliste, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4625 2 Shiftthis, Wordpress 2 Shifthis Newsletter, Wordpress 2026-04-23 N/A
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
CVE-2008-2012 1 Postnuke Software Foundation 1 Postschedule 2026-04-23 N/A
SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.
CVE-2008-5841 1 Igamingcms 1 Igaming Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.
CVE-2008-5882 2 Avaya, Citrix 4 Ag250, Broadcast Server, Application Gateway For Avaya and 1 more 2026-04-23 N/A
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.
CVE-2008-5955 1 Phpstreet 1 Webboard 2026-04-23 N/A
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5954 1 Ktp Computer Customer Database 1 Ktp Computer Customer Database 2026-04-23 N/A
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4436 1 Bblog 1 Wbblog 2026-04-23 N/A
SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter.
CVE-2008-2034 1 Wordpress 1 Download Monitor Plugin 2026-04-23 N/A
SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4409 1 Xmlsoft 1 Libxml2 2026-04-23 N/A
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
CVE-2008-2532 1 Aj Square 1 Aj Hyip 2026-04-23 N/A
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4653 1 Xoops 2 Makale, Xoops 2026-04-23 N/A
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-4657 1 Typo3 2 Econda Plugin, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4570 1 Real-estate-scripts 1 Real-estate-scripts 2026-04-23 N/A
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.