Search Results (37491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0489 1 Apple 1 Mac Os X 2026-04-16 N/A
Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.
CVE-2005-3325 2 Acid, Secureideas 2 Analysis Console For Intrusion Databases, Basic Analysis And Security Engine 2026-04-16 N/A
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.
CVE-2006-1978 1 Flexbb 1 Flexbb 2026-04-16 N/A
SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter.
CVE-2005-4263 1 Envolution 1 Envolution 2026-04-16 N/A
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.
CVE-2005-4199 1 Mybb 1 Mybb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.
CVE-2005-1017 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp.
CVE-2005-3952 1 Php Labs 1 Top Auction 2026-04-16 N/A
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.
CVE-2006-3318 1 Spiffyjr 1 Phpraid 2026-04-16 N/A
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.
CVE-2005-3744 1 Phpcomasy 1 Phpcomasy 2026-04-16 N/A
SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php.
CVE-2003-1244 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVE-2006-1751 1 Michiel Van Baak 1 Mvblog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-3046 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field.
CVE-2005-1500 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
CVE-2006-3430 2 Lumension, Novell 2 Patchlink Update Server, Zenworks 2026-04-16 N/A
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
CVE-2006-0413 1 Newsphp 1 Newsphp 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter.
CVE-2006-4214 1 Zen Cart 1 Zen Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php).
CVE-2004-2746 1 Pensacola Web Designs 1 Xtremeasp Photogallery 2026-04-16 N/A
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2005-1487 1 Fishnet 1 Fishcart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable
CVE-2002-2305 1 Phpsecure.org 1 Immobilier 2026-04-16 N/A
SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter.
CVE-2006-3904 1 Etomite 1 Etomite 2026-04-16 N/A
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.