CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2005 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2005-4832 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
2 CVE-2005-4822 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in projects/project-edit.asp in Digger Solutions Intranet Open Source (IOS) version 2.7.2 allows remote attackers to execute arbitrary SQL commands via the project_id parameter.
3 CVE-2005-4821 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 and earlier allow remote attackers to execute arbitrary SQL commands via parameters including (1) the m parameter in auth.php, (2) the f parameter in events.php, or (3) the e parameter in plug.php.
4 CVE-2005-4818 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Copernicus Europa allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5 CVE-2005-4792 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
6 CVE-2005-4781 Exec Code Sql 2005-12-31 2008-09-20
5.0
None Remote Low Not required None Partial None
Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3) idalbum parameters to modules.php.
7 CVE-2005-4770 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in an unspecified Accelerated Enterprise Solutions product, possibly Accelerated E Solutions, allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
8 CVE-2005-4769 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
9 CVE-2005-4768 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.php.
10 CVE-2005-4745 Exec Code Sql 2005-12-31 2010-04-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
11 CVE-2005-4744 DoS Exec Code Sql 2005-12-31 2010-08-21
6.4
None Remote Low Not required Partial None Partial
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
12 CVE-2005-4743 Exec Code Sql 2005-12-31 2008-09-20
5.0
None Remote Low Not required None Partial None
Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters.
13 CVE-2005-4729 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.
14 CVE-2005-4724 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header.
15 CVE-2005-4719 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php.
16 CVE-2005-4715 Exec Code Sql Bypass 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests.
17 CVE-2005-4711 89 Exec Code Sql 2005-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
18 CVE-2005-4702 Sql 2005-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430.
19 CVE-2005-4677 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php.
20 CVE-2005-4674 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter.
21 CVE-2005-4669 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
22 CVE-2005-4664 Exec Code Sql 2005-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.
23 CVE-2005-4662 Exec Code Sql 2005-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664.
24 CVE-2005-4656 Exec Code Sql 2005-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter.
25 CVE-2005-4652 Exec Code Sql 2005-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
26 CVE-2005-4651 Exec Code Sql 2005-12-31 2008-09-20
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter.
27 CVE-2005-4647 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) forumsId and (2) topicId parameters in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
28 CVE-2005-4645 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter.
29 CVE-2005-4643 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it is not clear, but this might be an application service provider, in which case it might be excluded from CVE.
30 CVE-2005-4641 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
31 CVE-2005-4640 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters.
32 CVE-2005-4634 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information.
33 CVE-2005-4632 89 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
34 CVE-2005-4631 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter.
35 CVE-2005-4630 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters.
36 CVE-2005-4629 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters.
37 CVE-2005-4628 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
38 CVE-2005-4619 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method.
39 CVE-2005-4617 89 Exec Code Sql 2005-12-31 2013-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter.
40 CVE-2005-4616 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitrary SQL commands via the include_file parameter.
41 CVE-2005-4615 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
42 CVE-2005-4614 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full installation path via (1) the c parameter in cart.php and (2) unspecified search module parameters.
43 CVE-2005-4612 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote attackers to execute arbitrary SQL commands via the (1) f parameter to viewforum.php, (2) t parameter to viewtopic.php, and (3) view parameter to usercp.php.
44 CVE-2005-4611 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in Free ClickBank 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keywords parameter.
45 CVE-2005-4608 Exec Code Sql 2005-12-31 2008-09-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters.
46 CVE-2005-4606 89 Exec Code Sql 2005-12-31 2010-12-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.
47 CVE-2005-4602 Exec Code Sql 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment.
48 CVE-2005-4586 Exec Code Sql 2005-12-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts.
49 CVE-2005-4578 Exec Code Sql 2005-12-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form.
50 CVE-2005-4572 Exec Code Sql 2005-12-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2) ItemsId parameters in admin.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Total number of vulnerabilities: 604 (page 1 of 13)