Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2011-03-14 | CVE-2011-0432 | SQL Injection vulnerability in Simon Pamies Pywebdav | Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. | network, low complexity, simon-pamies, CWE-89 | 7.5 |
| 2011-03-09 | CVE-2011-1343 | SQL Injection vulnerability in IBM Tivoli Netcool/Omnibus | SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters." | network, low complexity, ibm, CWE-89 | 7.5 |
| 2011-03-01 | CVE-2010-4752 | SQL Injection vulnerability in Lightneasy 3.2.1 | SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. | network, lightneasy, CWE-89 | 6.8 |
| 2011-03-01 | CVE-2010-4751 | SQL Injection vulnerability in Lightneasy 3.2.1 | SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. | network, lightneasy, CWE-89 | 6.0 |
| 2011-02-25 | CVE-2011-1100 | SQL Injection vulnerability in Pixelpost 1.7.3 | Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action. | network, low complexity, pixelpost, CWE-89 | 6.5 |
| 2011-02-23 | CVE-2011-1064 | SQL Injection vulnerability in Qibosoft QI BO CMS 7 | SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter. | network, qibosoft, CWE-89 | 6.8 |
| 2011-02-23 | CVE-2011-1061 | SQL Injection vulnerability in Webmastersite WSN Guest 1.24 | SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter. | network, low complexity, webmastersite, CWE-89 | 7.5 |
| 2011-02-23 | CVE-2011-1060 | SQL Injection vulnerability in Webmastersite WSN Guest 1.24 | SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php. | network, low complexity, webmastersite, CWE-89 | 7.5 |
| 2011-02-21 | CVE-2011-1048 | SQL Injection vulnerability in Mihantools 1.33 | SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter. | network, low complexity, mihantools, CWE-89 | 7.5 |
| 2011-02-21 | CVE-2011-1047 | SQL Injection vulnerability in Vasthtml Forum Server 1.6.1/1.6.5 | Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php. | network, low complexity, vasthtml, wordpress, CWE-89 | 7.5 |