Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2006-08-09 CVE-2006-4039 SQL Injection vulnerability in Chaossoft Gaestechaos
Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters.
Risk: 7.5 (network, low complexity). Vendor: chaossoft. CWE-89.

2006-08-07 CVE-2006-4010 SQL Injection vulnerability in Vwar Virtual WAR 1.5.0
SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
Risk: 7.5 (network, low complexity). Vendor: vwar. CWE-89.

2006-08-01 CVE-2006-3960 SQL Injection vulnerability in X-Scripts X-Poll 2.30
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter.
Risk: 7.5 (network, low complexity). Vendor: x-scripts. CWE-89.

2006-07-27 CVE-2006-3904 SQL Injection vulnerability in Etomite 0.6
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
Risk: 6.8 (network). Vendor: etomite. CWE-89.

2006-07-25 CVE-2006-3823 SQL Injection vulnerability in Geodesicsolutions Geoauctions Premier and Geoclassifieds Basic
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.
Risk: 5.1 (network, high complexity). Vendor: geodesicsolutions. CWE-89.

2006-07-24 CVE-2006-3775 SQL Injection vulnerability in Mybulletinboard 1.1.5
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
Risk: 7.5 (network, low complexity). Vendor: mybulletinboard. CWE-89.

2006-07-21 CVE-2006-3688 SQL Injection vulnerability in Francisco Charrua Photo-Gallery 1.0
SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Risk: 7.5 (network, low complexity). Vendor: francisco-charrua. CWE-89.

2006-07-07 CVE-2006-3430 SQL Injection vulnerability in multiple products
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
Risk: 7.5 (network, low complexity). Vendors: lumension, novell. CWE-89.

2006-06-29 CVE-2006-3318 SQL Injection vulnerability in Spiffyjr PHPraid 3.0.6
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.
Risk: 5.1 (network, high complexity). Vendor: spiffyjr. CWE-89.

2006-06-23 CVE-2006-3181 SQL Injection vulnerability in Mobescripts Mobile Space Community 2.0
SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter.
Risk: 7.5 (network, low complexity). Vendor: mobescripts. CWE-89.