Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-20 | CVE-2005-2983 | SQL Injection vulnerability in Oracle Reports 1.00 SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | 7.5 |
| 2005-06-16 | CVE-2005-2035 | SQL Injection vulnerability in Cool Cafe Chat Cool Cafe Chat 1.2.1 SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password. | 7.5 |
| 2005-05-11 | CVE-2005-1500 | SQL Injection vulnerability in Mywebland Mybloggie 2.1.1/2.1.3 Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. | 7.5 |
| 2005-05-02 | CVE-2005-1017 | SQL Injection vulnerability in Maxwebportal SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp. | 7.5 |
| 2005-04-27 | CVE-2005-0413 | SQL Injection vulnerability in Myphp Forum Myphp Forum 1.0/2.0/3.0 Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. | 7.5 |
| 2004-12-31 | CVE-2004-2754 | SQL Injection vulnerability in Yabb SE SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. | 7.5 |
| 2004-12-31 | CVE-2004-2751 | SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.722/0.723/0.726 SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 6.8 |
| 2004-12-31 | CVE-2004-2746 | SQL Injection vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0 SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 7.5 |
| 2004-12-31 | CVE-2004-2737 | SQL Injection vulnerability in Netsupport DNA Helpdesk 1.01 SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter. | 7.5 |
| 2004-12-31 | CVE-2004-2716 | SQL Injection vulnerability in PHP Heaven PHPmychat 0.14.5 Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. | 7.5 |