Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-09-28 | CVE-2009-3443 | SQL Injection vulnerability in Fastballproductions COM Fastball 1.1.0/1.2 SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php. | 7.5 |
2009-09-28 | CVE-2009-3439 | SQL Injection vulnerability in Alienvault Ossim 1.0.4/1.0.6/2.1 Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu. | 6.5 |
2009-09-28 | CVE-2009-3438 | SQL Injection vulnerability in Witchakorn Kamolpornwijit COM Facebook SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php. | 7.5 |
2009-09-28 | CVE-2009-3436 | SQL Injection vulnerability in Maxwebportal Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter. | 7.5 |
2009-09-28 | CVE-2009-3434 | SQL Injection vulnerability in Onestopjoomla COM Tupinambis 1.0 SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. | 7.5 |
2009-09-25 | CVE-2009-3430 | SQL Injection vulnerability in Allomani Mobile 2.5 SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | 7.5 |
2009-09-25 | CVE-2009-3419 | SQL Injection vulnerability in Intesync Miniweb 2.0 SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter. | 7.5 |
2009-09-25 | CVE-2009-3417 | SQL Injection vulnerability in Idojoomla COM Idoblog 1.1 SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627. | 7.5 |
2009-09-24 | CVE-2009-3361 | SQL Injection vulnerability in Paul Gibbs PHP-Ipnmonitor SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter. | 7.5 |
2009-09-24 | CVE-2009-3358 | SQL Injection vulnerability in Tourismscripts Adult Portal Escort Listing SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | 7.5 |