| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters. |
| SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action. |
| SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password. |
| SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password. |
| SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. |
| SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. |
| Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier. |
| SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. |
| SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. |
| SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter. |
| SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (2) s_orderby parameters to plexcart.pl. |
| Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php. |
| SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown, although it may be based on post-disclosure analysis of CVE-2006-0110; the details are obtained solely from third party information. |
| SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. |
| SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. |
| Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts. |
| SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable). |
| SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name. |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. |
| Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. |
