CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2006 (SQL Injection)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2006-3292 Exec Code Sql 2006-06-28 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
452 CVE-2006-3283 Exec Code Sql 2006-06-28 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php.
453 CVE-2006-3275 Exec Code Sql 2006-06-28 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action.
454 CVE-2006-3271 Exec Code Sql 2006-06-28 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
455 CVE-2006-3270 Exec Code Sql 2006-06-28 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
456 CVE-2006-3267 Exec Code Sql 2006-06-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
457 CVE-2006-3263 Exec Code Sql 2006-06-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
458 CVE-2006-3262 Exec Code Sql 2006-06-27 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
459 CVE-2006-3256 Exec Code Sql 2006-06-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
460 CVE-2006-3255 Exec Code Sql 2006-06-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
461 CVE-2006-3254 Exec Code Sql 2006-06-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
462 CVE-2006-3249 Exec Code Sql 2006-06-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in search.php in Phorum 5.1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the vendor has disputed this report, stating "If a non positive integer or non-integer is used for the page parameter for a search URL, the search query will use a negative number for the LIMIT clause. This causes the query to break, showing no results. It IS NOT however a sql injection error." While the original report is from a researcher with mixed accuracy, as of 20060703, CVE does not have any additional information regarding this issue.
463 CVE-2006-3244 Exec Code Sql 2006-06-27 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php.
464 CVE-2006-3243 Exec Code Sql 2006-06-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.
465 CVE-2006-3239 Exec Code Sql 2006-06-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter.
466 CVE-2006-3238 Exec Code Sql 2006-06-27 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php.
467 CVE-2006-3236 Exec Code Sql 2006-06-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php.
468 CVE-2006-3234 Exec Code Sql 2006-06-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) produkt, (2) id_produc, and (3) id_kat parameters.
469 CVE-2006-3221 Exec Code Sql 2006-06-24 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
470 CVE-2006-3220 Exec Code Sql 2006-06-24 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
471 CVE-2006-3219 Exec Code Sql 2006-06-24 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.
472 CVE-2006-3218 Exec Code Sql 2006-06-24 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
473 CVE-2006-3213 Exec Code Sql 2006-06-23 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp.
474 CVE-2006-3190 Exec Code Sql Bypass 2006-06-22 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.
475 CVE-2006-3188 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
476 CVE-2006-3187 Sql XSS 2006-06-22 2017-07-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: it is possible that this is resultant from SQL injection or a forced SQL error.
477 CVE-2006-3181 89 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter.
478 CVE-2006-3176 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
479 CVE-2006-3168 Exec Code Sql 2006-06-22 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.
480 CVE-2006-3165 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
481 CVE-2006-3164 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter.
482 CVE-2006-3163 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.
483 CVE-2006-3161 Exec Code Sql 2006-06-22 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter.
484 CVE-2006-3154 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
485 CVE-2006-3152 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php, (f) browse.php, (g) showmemberads.php, (h) note_ad.php, (i) abuse.php, (j) buynow.php, (k) confirm_newad.php, (2) an parameter in (l) printad.php, (m) note_ad.php, (3) who parameter in (n) showmemberads.php, and (4) adnr parameter in (o) buynow.php.
486 CVE-2006-3150 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
487 CVE-2006-3148 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php.
488 CVE-2006-3142 Exec Code Sql 2006-06-22 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
489 CVE-2006-3140 Exec Code Sql 2006-06-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
490 CVE-2006-3139 89 Exec Code Sql 2006-06-22 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.
491 CVE-2006-3135 Exec Code Sql 2006-07-13 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.
492 CVE-2006-3130 Exec Code Sql 2006-06-21 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter.
493 CVE-2006-3115 Exec Code Sql 2006-06-29 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter.
494 CVE-2006-3111 Exec Code Sql 2006-06-20 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr.
495 CVE-2006-3096 Exec Code Sql 2006-06-19 2017-07-20
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information in a blog entry that was apparently removed after CVE analysis. As of 20060619, CVE is attempting to determine the cause of the removal.
496 CVE-2006-3094 Exec Code Sql 2006-06-19 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php.
497 CVE-2006-3090 Exec Code Sql 2006-06-19 2018-10-18
5.1
User Remote High Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_pays parameter in (a) /pays/modifier_pays.php; (2) id_produit, (3) quantite, (4) prix_ht, and (5) date parameter in (b) /stocks/ajouter.php; (6) id_cat parameter in (c) /produits/modifier_cat.php; (7) id_client parameter in (d) /clients/modifier_client.php; (8) id_remise parameter in (e) /remises/index.php; (9) id_taux parameter in (f) /tva/index.php; (10) ref_produit, and (11) id_stock parameter in (g) /stocks/index.php; (12) id_pays parameter in (h) /pays/index.php; and (13) id_cat parameter in (i) /produits/index.php.
498 CVE-2006-3078 Exec Code Sql 2006-06-19 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php.
499 CVE-2006-3065 Exec Code Sql 2006-06-19 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different.
500 CVE-2006-3064 89 Exec Code Sql 2006-06-19 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.
Total number of vulnerabilities: 967 (this is page 10 of 20)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.