Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2007-08-31 CVE-2007-4634 SQL Injection vulnerability in Cisco Call Manager and Unified Communications Manager
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
network | cisco | CWE-89 | critical | 9.3
2007-08-31 CVE-2007-4611 SQL Injection vulnerability in Dale Mooney Calendar Events
SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | dale-mooney | CWE-89 | 7.5
2007-08-31 CVE-2007-4604 SQL Injection vulnerability in Dinkumsoft.Com DL Paycart 1.01
SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
network | low complexity | dinkumsoft-com | CWE-89 | 7.5
2007-08-31 CVE-2007-4603 SQL Injection vulnerability in Altercoder ACG News 1.0
Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action.
network | low complexity | altercoder | CWE-89 | 7.5
2007-08-31 CVE-2007-4602 SQL Injection vulnerability in Implied BY Design Micro CMS 3.5
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
6.8
2007-08-30 CVE-2007-4597 SQL Injection vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.
network | low complexity | turnkey-web-tools | CWE-89 | 7.5
2007-08-29 CVE-2007-4581 SQL Injection vulnerability in Wbb2-Addon Acrotxt 1
SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 allows remote attackers to execute arbitrary SQL commands via the show parameter.
network | low complexity | wbb2-addon | CWE-89 | 7.5
2007-08-28 CVE-2007-4552 SQL Injection vulnerability in Agares Media Arcadem 2.0.1
SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter.
network | low complexity | agares-media | CWE-89 | 7.5
2007-08-27 CVE-2007-4540 SQL Injection vulnerability in Olate Olatedownload 3.4.2
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
network | low complexity | olate | CWE-89 | 7.5
2007-08-23 CVE-2007-4491 SQL Injection vulnerability in Gurur Haber Gurur Haber 2.0
SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | gurur-haber | CWE-89 | 7.5