CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2006(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2006-4141 Exec Code Sql 2006-08-14 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters.
352 CVE-2006-4119 Exec Code Sql 2006-08-14 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
353 CVE-2006-4118 Exec Code Sql 2006-08-14 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables.
354 CVE-2006-4114 Exec Code Sql 2006-08-14 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter.
355 CVE-2006-4108 Exec Code Sql 2006-08-14 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
356 CVE-2006-4107 Exec Code Sql 2006-08-14 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search.
357 CVE-2006-4072 Exec Code Sql 2006-08-10 2017-10-18
6.5
User Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp.
358 CVE-2006-4064 89 Exec Code Sql 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported reported that 2.0 is also affected.
359 CVE-2006-4056 Exec Code Sql 2006-08-09 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information.
360 CVE-2006-4047 Exec Code Sql 2006-08-09 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
361 CVE-2006-4042 89 Exec Code Sql 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
362 CVE-2006-4041 Exec Code Sql 2006-08-09 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
363 CVE-2006-4039 89 Exec Code Sql 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters.
364 CVE-2006-4035 Exec Code Sql 2006-08-09 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
365 CVE-2006-4025 Exec Code Sql 2006-08-08 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.
366 CVE-2006-4023 Overflow Sql +Info 2006-08-08 2018-10-17
5.0
None Remote Low Not required Partial None None
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
367 CVE-2006-4010 89 Exec Code Sql 2006-08-07 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139.
368 CVE-2006-3996 Exec Code Sql 2006-08-04 2018-10-17
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
369 CVE-2006-3994 Exec Code Sql Bypass 2006-08-04 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.
370 CVE-2006-3963 Exec Code Sql 2006-08-01 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.
371 CVE-2006-3960 89 Exec Code Sql 2006-08-01 2011-08-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
372 CVE-2006-3959 Exec Code Sql 2006-08-01 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.
373 CVE-2006-3950 Exec Code Sql 2006-08-01 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
374 CVE-2006-3940 Exec Code Sql 2006-07-31 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.
375 CVE-2006-3932 Exec Code Sql 2006-07-31 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
376 CVE-2006-3926 Exec Code Sql 2006-07-31 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php.
377 CVE-2006-3919 Exec Code Sql 2006-07-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in SD Studio CMS allows remote attackers to execute arbitrary SQL commands via the (1) news_id, (2) tid, and (3) page_id parameters.
378 CVE-2006-3905 Exec Code Sql 2006-07-27 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.
379 CVE-2006-3904 89 Exec Code Sql 2006-07-27 2017-10-18
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
380 CVE-2006-3886 Exec Code Sql 2006-07-26 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show parameter/top action is already covered by CVE-2006-1360.
381 CVE-2006-3884 Exec Code Sql 2006-07-26 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE.
382 CVE-2006-3851 Exec Code Sql 2006-07-25 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.
383 CVE-2006-3832 Exec Code Sql 2006-07-25 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
384 CVE-2006-3828 Sql Bypass 2006-07-25 2018-10-17
6.5
User Remote Low Single system Partial Partial Partial
Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace."
385 CVE-2006-3827 Exec Code Sql 2006-07-25 2018-10-17
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.
386 CVE-2006-3823 89 1 Exec Code Sql 2006-07-25 2015-09-01
5.1
User Remote High Not required Partial Partial Partial
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.
387 CVE-2006-3822 Exec Code Sql 2006-07-25 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter.
388 CVE-2006-3799 Sql Bypass 2006-07-24 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
389 CVE-2006-3797 Sql Bypass 2006-07-24 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies.
390 CVE-2006-3794 Exec Code Sql 2006-07-24 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried."
391 CVE-2006-3792 Exec Code Sql 2006-07-24 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the packet.c_str function.
392 CVE-2006-3775 89 Exec Code Sql 2006-07-24 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
393 CVE-2006-3770 Exec Code Sql 2006-07-24 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters.
394 CVE-2006-3763 Exec Code Sql 2006-07-21 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter.
395 CVE-2006-3760 Exec Code Sql 2006-07-21 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
396 CVE-2006-3758 Sql 2006-07-21 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
397 CVE-2006-3752 Exec Code Sql 2006-07-21 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in class.php in Professional Home Page Tools Guestbook allow remote attackers to execute arbitrary SQL commands via the (1) hidemail, (2) name, (3) mail, (4) ip, or (5) text parameters.
398 CVE-2006-3727 Exec Code Sql 2006-07-21 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a) index.php; the (5) uid and (6) pwd parameters in (b) php/esa.php; and possibly other vectors related to files in php/lib/ including (c) del.php, (d) download_backup.php, (e) navig.php, (f) restore.php, (g) set_12.php, (h) set_14.php, and (i) upd_doc.php.
399 CVE-2006-3705 Sql 2006-07-21 2018-10-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE.
400 CVE-2006-3702 Sql 2006-07-21 2018-10-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081.
Total number of vulnerabilities : 967   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.