VIR Vulnerability Intelligence Relay

Search

Found 2,563 results in 420ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2011-4559 high 8.5 EXP vtiger 15y ago SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.…
CVE-2010-5062 high 8.5 EXP mh_products 15y ago SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVE-2010-5060 high 8.5 EXP internet-works 15y ago SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-5059 high 8.5 EXP cmscout 15y ago SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action.
CVE-2010-5058 high 8.5 EXP alephsystem 15y ago SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is un…
CVE-2010-5057 high 8.5 EXP alephsystem 15y ago SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter.
CVE-2010-5056 high 8.5 EXP gbu_graficijoomla 15y ago SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action…
CVE-2010-5055 high 8.5 EXP almnzm 15y ago SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-5053 high 8.5 EXP php-shop-systemjoomla 15y ago SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.ph…
CVE-2010-5047 high 8.5 EXP v-eva 15y ago SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-1516 high 8.6 EXP macos macos 15y ago The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to ac…
CVE-2011-4066 high 8.5 EXP sir 15y ago SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
CVE-2011-1513 high 8.5 EXP e107 15y ago Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code…
CVE-2010-5041 high 8.5 EXP john_bradshawnucleuscms 15y ago SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
CVE-2010-5039 high 8.5 EXP scriptsfeed 15y ago SQL injection vulnerability in control/admin_login.php in ScriptsFeed Recipes Listing Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter (aka the UserName …
CVE-2010-5037 high 8.5 EXP michau_enterprises 15y ago SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
CVE-2010-5036 high 8.5 EXP iscripts 15y ago SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2010-5034 high 8.5 EXP iscripts 15y ago SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
CVE-2010-5033 high 8.5 EXP fusebox 15y ago SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.
CVE-2010-5032 high 8.5 EXP tamlyncreativejoomla 15y ago SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial acti…
CVE-2010-5029 high 8.5 EXP codefabrik 15y ago SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action.
CVE-2010-5028 high 8.5 EXP harmistechnologyjoomla 15y ago SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to inde…
CVE-2010-5023 high 8.5 EXP cramerdev 15y ago SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter.
CVE-2010-5022 high 8.5 EXP harmistechnologyjoomla 15y ago SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
CVE-2010-5021 high 8.5 EXP cramerdev 15y ago SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter.
CVE-2010-5020 high 8.5 EXP netartmedia 15y ago SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2010-5019 high 8.5 EXP 2daybiz 15y ago SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
CVE-2010-5017 high 8.5 EXP eliteladders 15y ago SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.
CVE-2010-5016 high 8.5 EXP eliteladders 15y ago SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter.
CVE-2010-5015 high 8.5 EXP 2daybiz 15y ago SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
CVE-2010-5014 high 8.5 EXP eliteladders 15y ago SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladder[id] parameter.
CVE-2010-5013 high 8.5 EXP mckenziecreations 15y ago SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter.
CVE-2010-5012 high 8.5 EXP david_noguera_gutierrez 15y ago SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third pa…
CVE-2010-5011 high 8.5 EXP schoolmation 15y ago SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
CVE-2010-5009 high 8.5 EXP ut-files 15y ago SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action.
CVE-2010-5008 high 8.5 EXP denaliintranet 15y ago SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.
CVE-2010-5004 high 8.5 EXP 2daybiz 15y ago SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2010-5000 high 8.5 EXP joe_pieruccini 15y ago SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_…
CVE-2010-4998 high 8.5 EXP maulana_al_matien 15y ago PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore para…
CVE-2010-4997 high 8.5 EXP olykit 15y ago SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action.
CVE-2011-4075 high 8.5 EXPFIX debian debian phpldapadmin_project 15y ago The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine act…
CVE-2010-5003 high 8.5 EXP autarticajoomla 15y ago SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial …
CVE-2010-5001 high 8.5 EXP esoftpro 15y ago SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4999 high 8.5 EXP esoftpro 15y ago SQL injection vulnerability in index.php in esoftpro Online Photo Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVE-2010-4996 high 8.5 EXP esoftpro 15y ago SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2010-4995 high 8.5 EXP neojoomlajoomla 15y ago SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action t…
CVE-2010-4993 high 8.5 EXP kay_messerschmidtjoomla 15y ago SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2010-4992 high 8.5 EXP paymentsplusjoomla 15y ago SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html.
CVE-2010-4991 high 8.5 EXP ninjaforgejoomla 15y ago SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to inde…
CVE-2010-4990 high 8.5 EXP b-elektrojoomla 15y ago SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact acti…
CVE-2010-4989 high 8.5 EXP farsi-cms 15y ago SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.
CVE-2010-4988 high 8.5 EXP familycms 15y ago PHP remote file inclusion vulnerability in mod_chatting/themes/default/header.php in Family Connections Who is Chatting 2.2.3 allows remote attackers to execute arbitrary PHP code via a URL in the TM…
CVE-2010-4987 high 8.5 EXP kmsoft 15y ago SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2010-4986 high 8.5 EXP cafuego 15y ago SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.
CVE-2010-4984 high 8.5 EXP mykazaam 15y ago SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the "Enter Reference Number Below" text b…
CVE-2010-4983 high 8.5 EXP iscripts 15y ago SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4982 high 8.5 EXP mykazaam 15y ago SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter.
CVE-2010-4981 high 8.5 EXP yourfreeworld 15y ago SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtaine…
CVE-2010-4980 high 8.5 EXP iscripts 15y ago SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2010-4979 high 8.5 EXP nicholas_berry 15y ago SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
CVE-2010-4977 high 8.5 EXP miniworkjoomla 15y ago SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
CVE-2010-4975 high 8.5 EXP techjoomlajoomla 15y ago SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in …
CVE-2010-4974 high 8.5 EXP brotherscripts 15y ago SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4972 high 8.5 EXP ypninc 15y ago SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncat_id parameter.
CVE-2010-4970 high 8.5 EXP wikiwebhelp 15y ago SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0.28 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4969 high 8.5 EXP brotherscripts 15y ago SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4968 high 8.5 EXP webmaster-tipsjoomla 15y ago SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.…
CVE-2011-3315 high 8.8 EXP cisco 15y ago Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (…
CVE-2011-4026 high 8.5 EXP xia_zuojie 15y ago SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-3340 high 8.5 EXP atcom 15y ago SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CVE-2010-4967 high 8.5 EXP atcom 15y ago SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter.
CVE-2009-5102 high 8.5 EXP atcom 15y ago SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
CVE-2011-3556 high 8.5 EXP sunoracle 15y ago Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and …
CVE-2011-4062 high 8.2 EXP freebsd freebsd 15y ago Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX…
CVE-2011-1985 high 7.1 8.1 EXP windows windows 15y ago win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not pro…
CVE-2011-2189 high 7.5 8.5 EXPFIX linux-kernel rhelubuntu ubuntu 15y ago net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause…
CVE-2010-4963 high 8.5 EXP hulihanapplications 15y ago SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
CVE-2010-4959 high 8.5 EXP preproject 15y ago SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2010-4955 high 8.5 EXP php-programs 15y ago SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than …
CVE-2010-4954 high 8.5 EXP gambio 15y ago SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
CVE-2010-4948 high 8.5 EXP phpgalleryscript 15y ago PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2010-4946 high 8.5 EXP allpcscript 15y ago SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
CVE-2010-4945 high 8.5 EXP joomla 15y ago SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-4944 high 8.5 EXP joomlamambo-foundation 15y ago SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProf…
CVE-2010-4943 high 8.5 EXP brothersoft 15y ago Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.
CVE-2010-4942 high 8.5 EXP e-xoopport 15y ago SQL injection vulnerability in location.php in the eCal module in E-Xoopport Samsara 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2010-4941 high 8.5 EXP joomlamojoomla 15y ago SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save act…
CVE-2010-4940 high 8.5 EXP wanewsletter 15y ago SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4939 high 8.5 EXP scripts.bdr130 15y ago PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
CVE-2010-4938 high 8.5 EXP joomla 15y ago SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php.…
CVE-2010-4937 high 8.5 EXP robitbtjoomla 15y ago Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to in…
CVE-2010-4935 high 8.5 EXP khader_abbeb 15y ago SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2010-4934 high 8.5 EXP svcreation 15y ago SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4933 high 8.5 EXP geeklog 15y ago SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2010-4929 high 8.5 EXP joostina-cmsjoomla 15y ago SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
CVE-2010-4927 high 8.5 EXP photoindochinajoomla 15y ago SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country actio…
CVE-2010-4926 high 8.5 EXP timetrackjoomla 15y ago SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to ind…
CVE-2010-4925 high 8.5 EXP nuked-klan 15y ago SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4924 high 8.5 EXP clearbudget 15y ago PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this iss…
CVE-2010-4922 high 8.5 EXP allinta 15y ago Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow remote attackers to execute arbitrary SQL commands via the i parameter in an edit action to (1) contentAE.asp or (2) templatesAE…