CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2011(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-1100 89 1 Exec Code Sql 2011-02-25 2017-08-16
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
2 CVE-2011-1064 89 Exec Code Sql 2011-02-22 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter.
3 CVE-2011-1061 89 1 Exec Code Sql 2011-02-22 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter.
4 CVE-2011-1060 89 Exec Code Sql 2011-02-22 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.
5 CVE-2011-1055 89 1 Exec Code Sql 2011-02-21 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.
6 CVE-2011-1048 89 1 Exec Code Sql 2011-02-21 2011-02-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter.
7 CVE-2011-1047 89 Exec Code Sql 2011-02-21 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.
8 CVE-2011-0448 89 Sql 2011-02-21 2019-08-08
7.5
None Remote Low Not required Partial Partial Partial
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
9 CVE-2010-4739 89 2 Exec Code Sql 2011-02-15 2013-07-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
10 CVE-2010-4738 89 1 Exec Code Sql 2011-02-15 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
11 CVE-2010-4737 89 2 Exec Code Sql 2011-02-15 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
12 CVE-2010-4736 89 2 Exec Code Sql 2011-02-15 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.
13 CVE-2010-4735 89 1 Exec Code Sql 2011-02-15 2011-02-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter.
14 CVE-2010-4721 89 1 Exec Code Sql 2011-02-01 2011-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
15 CVE-2010-4720 89 Exec Code Sql 2011-02-01 2011-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page.
16 CVE-2010-3929 89 Exec Code Sql 2011-02-01 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.
Total number of vulnerabilities : 16   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.