Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-23 | CVE-2004-1339 | SQL Injection vulnerability in Oracle Database Server and Oracle9I SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters. | 6.5 |
| 2004-04-12 | CVE-2004-1925 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1 Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php. | 7.5 |
| 2003-12-31 | CVE-2003-1533 | SQL Injection vulnerability in PHPpass 2 SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. | 7.5 |
| 2003-12-31 | CVE-2003-1532 | SQL Injection vulnerability in Julien Desaunay PHPmyshop 1.00 SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters. | 7.5 |
| 2003-12-31 | CVE-2003-1530 | SQL Injection vulnerability in PHPbb 2.0.3 SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter. | 7.5 |
| 2003-12-31 | CVE-2003-1523 | SQL Injection vulnerability in Dbmail 1.0/1.1 SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors. | 7.5 |
| 2003-12-31 | CVE-2003-1520 | SQL Injection vulnerability in Fuzzymonkey Myclassifieds 2.11 SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter. | 6.8 |
| 2003-12-31 | CVE-2003-1504 | SQL Injection vulnerability in Goldscripts Goldlink 3.0 SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php. | 7.5 |
| 2003-12-31 | CVE-2003-1458 | SQL Injection vulnerability in Ttcms and Ttforum SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name. | 7.5 |
| 2003-12-31 | CVE-2003-1435 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke 5.6/6.0 SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. | 7.5 |