Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-11-23 | CVE-2007-6106 | SQL Injection vulnerability in Alstrasoft E-Friends | SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action. | 7.5 |
2007-11-22 | CVE-2007-6091 | SQL Injection vulnerability in Jiro Banner System 2.0 | Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field. | 7.5 |
2007-11-22 | CVE-2007-6084 | SQL Injection vulnerability in Hotscripts Clone Script | SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-11-22 | CVE-2007-6083 | SQL Injection vulnerability in Icebb 1.0Rc6 | SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | 7.5 |
2007-11-21 | CVE-2007-6080 | SQL Injection vulnerability in Bcoos 1.0.10 | SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. | 7.5 |
2007-11-21 | CVE-2007-6078 | SQL Injection vulnerability in Skyportal RC6 | Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action. | 7.5 |
2007-11-20 | CVE-2007-6058 | SQL Injection vulnerability in Profilecms | Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module. | 7.5 |
2007-11-20 | CVE-2007-6035 | SQL Injection vulnerability in Cacti | SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | 7.5 |
2007-11-20 | CVE-2007-6032 | SQL Injection vulnerability in Aleris web Publishing Server 3.0 | SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter. | 7.5 |
2007-11-16 | CVE-2007-6012 | SQL Injection vulnerability in Gatesoft Docusafe 4.1.0/4.1.2 | SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). | 7.5 |