CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2006 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2006-7232 89 DoS Sql 2006-12-31 2010-08-21
3.5
None Remote Medium Single system None None Partial
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
2 CVE-2006-7231 89 Exec Code Sql 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
3 CVE-2006-6912 89 Exec Code Sql 2006-12-31 2011-08-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
4 CVE-2006-6911 Exec Code Sql 2006-12-31 2008-11-15
6.0
User Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.
5 CVE-2006-6880 89 Exec Code Sql 2006-12-31 2010-07-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.
6 CVE-2006-6873 Exec Code Sql 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.
7 CVE-2006-6861 Exec Code Sql 2006-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
8 CVE-2006-6859 Exec Code Sql 2006-12-31 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
9 CVE-2006-6848 89 Exec Code Sql 2006-12-31 2011-08-08
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter.
10 CVE-2006-6846 Exec Code Sql 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp.
11 CVE-2006-6842 Exec Code Sql 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.
12 CVE-2006-6835 Exec Code Sql 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php.
13 CVE-2006-6831 Exec Code Sql 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.
14 CVE-2006-6828 Exec Code Sql 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794.
15 CVE-2006-6816 Exec Code Sql 2006-12-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo.
16 CVE-2006-6813 Exec Code Sql 2006-12-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
17 CVE-2006-6807 Exec Code Sql 2006-12-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.
18 CVE-2006-6806 Exec Code Sql 2006-12-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
19 CVE-2006-6805 Exec Code Sql 2006-12-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
20 CVE-2006-6804 Exec Code Sql 2006-12-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
21 CVE-2006-6803 Exec Code Sql 2006-12-28 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.
22 CVE-2006-6802 Exec Code Sql 2006-12-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
23 CVE-2006-6799 Exec Code Sql 2006-12-28 2010-09-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.
24 CVE-2006-6794 Exec Code Sql 2006-12-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter.
25 CVE-2006-6792 Exec Code Sql 2006-12-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
26 CVE-2006-6791 Exec Code Sql 2006-12-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters.
27 CVE-2006-6787 Exec Code Sql 2006-12-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
28 CVE-2006-6784 Exec Code Sql 2006-12-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form.
29 CVE-2006-6780 Exec Code Sql 2006-12-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter.
30 CVE-2006-6776 Exec Code Sql 2006-12-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm.
31 CVE-2006-6766 Exec Code Sql 2006-12-26 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information.
32 CVE-2006-6754 Exec Code Sql 2006-12-26 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors.
33 CVE-2006-6747 89 Exec Code Sql 2006-12-26 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.
34 CVE-2006-6716 Exec Code Sql 2006-12-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in administration/administre2.php in Eric GUILLAUME uploader&downloader 3 allows remote attackers to execute arbitrary SQL commands via the id_user parameter.
35 CVE-2006-6709 Exec Code Sql 2006-12-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. NOTE: some of these details are obtained from third party information.
36 CVE-2006-6706 89 Exec Code Sql 2006-12-22 2008-09-05
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages.
37 CVE-2006-6672 Exec Code Sql 2006-12-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
38 CVE-2006-6671 Exec Code Sql 2006-12-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
39 CVE-2006-6667 Exec Code Sql 2006-12-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
40 CVE-2006-6642 Exec Code Sql 2006-12-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
41 CVE-2006-6606 Exec Code Sql 2006-12-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
42 CVE-2006-6595 Exec Code Sql 2006-12-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via "Manage Resources" and possibly other unspecified components.
43 CVE-2006-6594 Exec Code Sql 2006-12-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in utilities/usermessages.asp in ScriptMate User Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the mesid parameter.
44 CVE-2006-6577 Exec Code Sql 2006-12-15 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
45 CVE-2006-6559 Exec Code Sql 2006-12-14 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ProductDetails.asp in Lotfian Request For Travel 1.0 allows remote attackers to execute arbitrary SQL commands via the PID parameter.
46 CVE-2006-6555 Exec Code Sql 2006-12-14 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
47 CVE-2006-6543 Exec Code Sql 2006-12-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.asp in AppIntellect SpotLight CRM 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) login (UserName) and possibly (2) password parameter. NOTE: some of these details are obtained from third party information.
48 CVE-2006-6542 Exec Code Sql 2006-12-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Fantastic News 2.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
49 CVE-2006-6540 Exec Code Sql 2006-12-13 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.
50 CVE-2006-6530 Exec Code Sql 2006-12-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Total number of vulnerabilities : 967   Page : 1