Export limit exceeded: 357836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19368 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2973 | 1 Php Lite | 1 Calendar Express | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c. | ||||
| CVE-2006-2363 | 1 Limbo Cms | 1 Limbo Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2006-2301 | 1 Ozzywork | 1 Galeri | 2026-04-16 | N/A |
| SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields. | ||||
| CVE-2006-2268 | 1 Flexcustomer | 1 Flexcustomer | 2026-04-16 | N/A |
| SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected. | ||||
| CVE-2006-2259 | 1 Maxxcode | 1 Maxxschedule | 2026-04-16 | N/A |
| SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | ||||
| CVE-2006-2239 | 1 Tuomas Airaksinen | 1 Newsadmin | 2026-04-16 | N/A |
| SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows remote attackers to execute arbitrary SQL commands via the nid parameter. | ||||
| CVE-2006-2157 | 1 Plogger | 1 Plogger | 2026-04-16 | N/A |
| SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246. | ||||
| CVE-2006-1501 | 1 Oneorzero | 1 Oneorzero | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action. | ||||
| CVE-2003-1533 | 1 Phppass | 1 Phppass | 2026-04-16 | N/A |
| SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. | ||||
| CVE-2004-1553 | 1 Fullrevolution | 1 Aspwebalbum | 2026-04-16 | N/A |
| SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action. | ||||
| CVE-2005-0252 | 1 Guillaumegardey | 1 Biborb | 2026-04-16 | N/A |
| SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password. | ||||
| CVE-2005-0413 | 1 Myphp Forum | 1 Myphp Forum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier. | ||||
| CVE-2005-1487 | 1 Fishnet | 1 Fishcart | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable | ||||
| CVE-2005-1500 | 1 Mywebland | 1 Mybloggie | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well. | ||||
| CVE-2005-2983 | 1 Oracle | 1 Reports | 2026-04-16 | N/A |
| SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | ||||
| CVE-2005-3046 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-16 | N/A |
| SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field. | ||||
| CVE-2006-1500 | 1 Tilde | 1 Tilde Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-1423 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-16 | N/A |
| SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter. | ||||
| CVE-2006-1360 | 1 Musicbox | 1 Musicbox | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php. | ||||
| CVE-2006-1330 | 1 Phpwebsite | 1 Phpwebsite | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. | ||||