CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2011(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2010-4812 89 Exec Code Sql 2011-07-08 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php.
252 CVE-2010-4809 89 2 Exec Code Sql 2011-07-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
253 CVE-2010-4808 89 2 Exec Code Sql 2011-07-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.
254 CVE-2010-4800 89 2 Exec Code Sql 2011-04-26 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
255 CVE-2010-4799 89 2 Exec Code Sql 2011-04-26 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information.
256 CVE-2010-4797 89 2 Exec Code Sql 2011-04-26 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
257 CVE-2010-4796 89 Exec Code Sql 2011-04-26 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php.
258 CVE-2010-4795 89 1 Exec Code Sql 2011-04-26 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
259 CVE-2010-4793 89 2 Exec Code Sql 2011-04-26 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.
260 CVE-2010-4791 89 2 Exec Code Sql 2011-04-26 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter.
261 CVE-2010-4784 89 1 Exec Code Sql 2011-04-07 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
262 CVE-2010-4782 89 2 Exec Code Sql 2011-04-07 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
263 CVE-2010-4780 89 2 Exec Code Sql 2011-04-07 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.
264 CVE-2010-4776 89 2 Exec Code Sql 2011-03-23 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.
265 CVE-2010-4774 89 1 Exec Code Sql 2011-03-23 2011-03-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.
266 CVE-2010-4771 89 1 Exec Code Sql 2011-03-23 2011-03-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
267 CVE-2010-4770 89 2 Exec Code Sql 2011-03-23 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
268 CVE-2010-4752 89 Exec Code Sql 2011-03-01 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
269 CVE-2010-4751 89 Exec Code Sql 2011-03-01 2017-08-16
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485.
270 CVE-2010-4739 89 2 Exec Code Sql 2011-02-15 2013-07-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
271 CVE-2010-4738 89 1 Exec Code Sql 2011-02-15 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
272 CVE-2010-4737 89 2 Exec Code Sql 2011-02-15 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
273 CVE-2010-4736 89 2 Exec Code Sql 2011-02-15 2011-09-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.
274 CVE-2010-4735 89 1 Exec Code Sql 2011-02-15 2011-02-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter.
275 CVE-2010-4721 89 1 Exec Code Sql 2011-02-01 2011-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
276 CVE-2010-4720 89 Exec Code Sql 2011-02-01 2011-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page.
277 CVE-2010-4703 89 Exec Code Sql 2011-01-20 2011-01-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
278 CVE-2010-4702 89 Exec Code Sql 2011-01-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
279 CVE-2010-4700 89 Sql 2011-01-18 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
280 CVE-2010-4696 89 Exec Code Sql 2011-01-18 2011-07-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
281 CVE-2010-4496 89 Exec Code Sql 2011-01-07 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
282 CVE-2010-4284 89 Exec Code Sql 2011-05-09 2011-05-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
283 CVE-2010-4166 89 Exec Code Sql 2011-01-18 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
284 CVE-2010-3929 89 Exec Code Sql 2011-02-01 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.
285 CVE-2010-3924 89 Exec Code Sql 2011-01-13 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
286 CVE-2010-3594 Sql 2011-01-19 2017-08-16
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Real User Experience Insight component in Oracle Enterprise Manager Grid Control 6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Processing. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this is SQL injection in rsynclogdird involving improper escaping of UTF-8 characters while processing log files.
287 CVE-2010-0115 89 Exec Code Sql 2011-01-14 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter.
288 CVE-2009-5102 89 1 Exec Code Sql 2011-10-21 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
289 CVE-2009-5094 89 1 Exec Code Sql 2011-09-12 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter.
290 CVE-2009-5091 89 1 Exec Code Sql 2011-09-12 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
291 CVE-2009-5090 89 1 Exec Code Sql 2011-09-12 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors.
292 CVE-2009-5088 89 1 Exec Code Sql 2011-09-12 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter.
293 CVE-2008-7302 89 Exec Code Sql 2011-10-04 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
294 CVE-2008-7301 89 Exec Code Sql 2011-10-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Total number of vulnerabilities : 294   Page : 1 2 3 4 5 6 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.