Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2006-01-18 | CVE-2006-0249 | SQL Injection vulnerability in Bitdamaged Geoblog Mod1.0
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable).
network | low complexity | bitdamaged | CWE-89 | 7.5

2006-01-18 | CVE-2006-0240 | SQL Injection vulnerability in 8Pixel.Net Simple Blog
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.
network | low complexity | 8pixel-net | CWE-89 | 7.5

2006-01-13 | CVE-2006-0205 | SQL Injection vulnerability in Wordcircle 2.17
Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts.
network | high complexity | wordcircle | CWE-89 | 5.1

2006-01-13 | CVE-2006-0199 | SQL Injection vulnerability in Mini-Nuke CMS System
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
network | low complexity | mini-nuke | CWE-89 | 7.5

2006-01-13 | CVE-2006-0192 | SQL Injection vulnerability in Philip Loftin Aspsurvey 1.10
SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp.
network | low complexity | philip-loftin | CWE-89 | 7.5

2006-01-10 | CVE-2006-0160 | SQL Injection vulnerability in Venom Board Venom Board 1.22
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.
network | low complexity | venom-board | CWE-89 | 7.5

2006-01-10 | CVE-2006-0159 | SQL Injection vulnerability in Javier Suarez Sanz Foro Domus 2.10
SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter.
network | low complexity | javier-suarez-sanz | CWE-89 | 7.5

2006-01-09 | CVE-2006-0123 | SQL Injection vulnerability in ADN Forum ADN Forum 1.0/1.0B
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors.
network | low complexity | adn-forum | CWE-89 | 7.5

2006-01-09 | CVE-2006-0115 | SQL Injection vulnerability in Oneplug Solutions Oneplug CMS
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.
network | low complexity | oneplug-solutions | CWE-89 | 7.5

2006-01-04 | CVE-2006-0074 | SQL Injection vulnerability in Jevontech PHPenpals
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter.
network | low complexity | jevontech | CWE-89 | 7.5