Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2006-03-02 | CVE-2006-0959 | SQL Injection vulnerability in Mybulletinboard 1.0.3/1.0.4 | SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. | network, low complexity, mybulletinboard, CWE-89, 7.5 |
| 2006-02-25 | CVE-2006-0897 | SQL Injection vulnerability in Virtual Communication Services Vpmi Enterprise 3.3 | ** DISPUTED ** SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. | network, low complexity, virtual-communication-services, CWE-89, 7.5 |
| 2006-02-19 | CVE-2006-0772 | SQL Injection vulnerability in Hitachi Business Logic 0203/0300 | SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function. | network, low complexity, hitachi, CWE-89, 7.5 |
| 2006-02-18 | CVE-2006-0750 | SQL Injection vulnerability in Supersmashbrothers Army System 2.1.0Foripb | SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php. | network, low complexity, supersmashbrothers, CWE-89, 7.5 |
| 2006-02-15 | CVE-2006-0692 | SQL Injection vulnerability in Carey Briggs PHP Mysql Timesheet 1/2 | Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php. | network, low complexity, carey-briggs, CWE-89, 7.5 |
| 2006-02-08 | CVE-2006-0602 | SQL Injection vulnerability in Hinton Design PHPhg Guestbook 1.2 | Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php. | network, low complexity, hinton-design, CWE-89, 7.5 |
| 2006-02-08 | CVE-2006-0586 | SQL Injection vulnerability in Oracle Application Server and Oracle10G | Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. | network, low complexity, oracle, CWE-89, 7.5 |
| 2006-02-01 | CVE-2006-0510 | SQL Injection vulnerability in Daffodil Software Daffodil CRM 1.5 | SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action. | network, low complexity, daffodil-software, CWE-89, 7.5 |
| 2006-01-25 | CVE-2006-0413 | SQL Injection vulnerability in Newsphp | Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. | network, low complexity, newsphp, CWE-89, 7.5 |
| 2006-01-25 | CVE-2006-0412 | SQL Injection vulnerability in Gencbeyin web Programlama Cybershop | SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | network, low complexity, gencbeyin-web-programlama, CWE-89, 7.5 |