Export limit exceeded: 19590 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19590 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3598 | 1 Psi-labs | 1 Psipuss | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php. | ||||
| CVE-2008-3594 | 1 Magicscripts | 2 E-store Kit-1, E-store Kit-2 | 2026-04-23 | N/A |
| SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter. | ||||
| CVE-2008-3590 | 1 Egi Zaberl | 1 E.z. Poll | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1573 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. | ||||
| CVE-2008-3585 | 1 Pozscripts | 1 Greencart Php Shopping Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php. | ||||
| CVE-2008-3561 | 1 Powergap | 1 Shopsystem | 2026-04-23 | N/A |
| SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter. | ||||
| CVE-2008-3513 | 1 Php Nuke | 1 Basis Consultant Book Catalog | 2026-04-23 | N/A |
| SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php. | ||||
| CVE-2008-3413 | 1 Greatclone | 1 Auction Platinum | 2026-04-23 | N/A |
| SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | ||||
| CVE-2008-3377 | 1 Brandon Tallent | 1 Phptest | 2026-04-23 | N/A |
| SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | ||||
| CVE-2007-2803 | 1 Vizayn Urun | 1 Tanitim Sitesi | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. | ||||
| CVE-2008-3352 | 1 Nersoft | 1 Live Music Plus | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action. | ||||
| CVE-2008-3386 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086. | ||||
| CVE-2008-3306 | 1 Youtube Blog | 1 Youtube Blog | 2026-04-23 | N/A |
| SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5269 | 1 Powie | 1 Psys | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter. | ||||
| CVE-2008-0939 | 1 Wordpress | 1 Photo Album Plugin | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0937 | 2 Tinyevent, Xoops | 2 Tinyevent, Tiny Event Module | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | ||||
| CVE-2007-3637 | 1 Mkportal | 1 Mkportal | 2026-04-23 | N/A |
| SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | ||||
| CVE-2007-3652 | 1 Fascript | 1 Faname | 2026-04-23 | 9.8 Critical |
| SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328. | ||||
| CVE-2007-3677 | 1 Maxsi | 1 Evisit Analyst | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages. | ||||
| CVE-2007-3687 | 1 Infernotechnologies | 1 Rpg Inferno | 2026-04-23 | N/A |
| SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action. | ||||