Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 224883 entries
IDDescriptionPriorityModified date
CVE-2008-6327 SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312. High Feb 27, 2009
CVE-2008-6312 SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. High Feb 27, 2009
CVE-2008-5269 SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the showUnchangeds parameter. High Dec 1, 2008
CVE-2009-1410 SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. High Apr 24, 2009
CVE-2008-3601 SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action. High Aug 14, 2008
CVE-2008-4743 SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter. High Oct 27, 2008
CVE-2009-2599 SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action. High Jul 27, 2009
CVE-2009-4696 SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. High Mar 11, 2010
CVE-2009-3529 SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074. Medium Oct 5, 2009
CVE-2009-4695 SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. High Mar 11, 2010
CVE-2008-4570 SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. High Oct 16, 2008
CVE-2008-4086 SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. High Sep 15, 2008
CVE-2008-3185 SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action. Medium Jul 16, 2008
CVE-2009-2339 SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter. High Jul 8, 2009
CVE-2010-1857 SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium May 11, 2010
CVE-2010-2721 SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action. High Jul 15, 2010
CVE-2009-0109 SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. High Jan 9, 2009
CVE-2008-4736 SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter. High Oct 24, 2008
CVE-2010-5061 SQL injection vulnerability in index.php in RSStatic allows remote attackers to execute arbitrary SQL commands via the maxarticles parameter. High Nov 28, 2011
CVE-2009-1910 SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter. High Jun 5, 2009
CVE-2008-2411 SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action. Medium May 22, 2008
CVE-2010-3212 SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO. High Sep 6, 2010
CVE-2008-6011 SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. High Jan 30, 2009
CVE-2009-2023 SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter. Medium Jun 10, 2009
CVE-2008-3774 SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. High Aug 25, 2008
CVE-2008-0147 SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action. Medium Jan 9, 2008
CVE-2008-2183 SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter. High May 14, 2008
CVE-2010-2926 SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter. High Aug 2, 2010
CVE-2008-2874 SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050. High Jun 26, 2008
CVE-2008-1050 SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. High Feb 28, 2008
CVE-2008-6488 SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action. High Mar 26, 2009
CVE-2008-6485 SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter. High Mar 19, 2009
CVE-2008-4039 SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter. High Sep 12, 2008
CVE-2009-3224 SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter. High Sep 17, 2009
CVE-2008-4647 SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. High Oct 22, 2008
CVE-2013-2690 SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action. High Apr 2, 2013
CVE-2010-1341 SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter. High Apr 12, 2010
CVE-2008-0270 SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter. Medium Jan 16, 2008
CVE-2007-5975 SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information. Medium Nov 15, 2007
CVE-2008-1875 SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter. Medium Apr 18, 2008
CVE-2008-0603 SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task. High Feb 6, 2008
CVE-2008-0561 SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. High Feb 5, 2008
CVE-2008-0519 SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action. High Feb 1, 2008
CVE-2008-0579 SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action. High Feb 5, 2008
CVE-2008-0557 SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. High Feb 5, 2008
CVE-2008-0842 SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. High Feb 21, 2008
CVE-2008-0772 SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task. High Feb 14, 2008
CVE-2008-0833 SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. High Feb 21, 2008
CVE-2008-0762 SQL injection vulnerability in index.php in the com_iomezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. High Feb 14, 2008
CVE-2008-0846 SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter. High Feb 21, 2008
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube