Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-27 | CVE-2006-6747 | SQL Injection vulnerability in Dreaxteam Xt-News 0.1 SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. | 7.5 |
2006-12-23 | CVE-2006-6706 | SQL Injection vulnerability in Soumu products SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages. | 6.5 |
2006-12-10 | CVE-2006-6402 | SQL Injection vulnerability in Mystats SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter. | 7.5 |
2006-12-07 | CVE-2006-6367 | SQL Injection vulnerability in Duware Dudownload, Dunews and Dupaypal Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. | 7.5 |
2006-12-07 | CVE-2006-6349 | SQL Injection vulnerability in PWP Technologies the Classified AD System Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | 7.5 |
2006-12-07 | CVE-2006-6337 | SQL Injection vulnerability in Aspindir Aspee Ziyaretci Defteri Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | 7.5 |
2006-11-28 | CVE-2006-6157 | SQL Injection vulnerability in Michaelis Freunde Contentnow SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | 7.5 |
2006-11-24 | CVE-2006-6095 | SQL Injection vulnerability in Dotnetindex Active News Manager Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. | 7.5 |
2006-11-24 | CVE-2006-6073 | SQL Injection vulnerability in Enthrallweb Eshopping Cart Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | 7.5 |
2006-11-22 | CVE-2006-6048 | SQL Injection vulnerability in Etomite 0.6.1.2 SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |