Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-07 | CVE-2006-7138 | SQL Injection vulnerability in Oracle Apex 2.0/2.1 SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. | 6.0 |
| 2007-03-06 | CVE-2006-7118 | SQL Injection vulnerability in Dmxready Site Engine Manager 1.0 SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | 7.5 |
| 2007-03-06 | CVE-2006-7116 | SQL Injection vulnerability in Kubix SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php. | 7.5 |
| 2007-03-03 | CVE-2007-1250 | SQL Injection vulnerability in Angel Learning Management Suite 7.1 SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2007-03-02 | CVE-2007-1171 | SQL Injection vulnerability in Nukescripts Nukesentinel SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie. | 7.5 |
| 2007-03-02 | CVE-2007-1166 | SQL Injection vulnerability in Nabocorp Nabopoll 1.2 SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter. | 7.5 |
| 2007-03-02 | CVE-2007-1163 | SQL Injection vulnerability in Webspell 4.0/4.01.00/4.01.01 SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | 7.5 |
| 2007-03-02 | CVE-2007-1154 | SQL Injection vulnerability in Webspell SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | 6.8 |
| 2007-03-02 | CVE-2006-7089 | SQL Injection vulnerability in BAN 0.1 SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2007-02-23 | CVE-2006-7025 | SQL Injection vulnerability in Sangwan KIM Bookmark4U 2.0/2.1 SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter. | 7.5 |