CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2009 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2009-4499 89 Exec Code Sql 2009-12-31 2010-02-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.
2 CVE-2009-4477 89 1 Exec Code Sql 2009-12-30 2010-01-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
3 CVE-2009-4475 89 2 Exec Code Sql 2009-12-30 2010-01-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.
4 CVE-2009-4474 89 1 Exec Code Sql 2009-12-30 2010-01-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
5 CVE-2009-4470 89 Exec Code Sql 2009-12-30 2010-06-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter.
6 CVE-2009-4456 89 1 Exec Code Sql 2009-12-29 2013-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.
7 CVE-2009-4437 89 2 Exec Code Sql 2009-12-28 2009-12-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.
8 CVE-2009-4436 89 1 Exec Code Sql 2009-12-28 2009-12-29
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.
9 CVE-2009-4432 89 2 Exec Code Sql 2009-12-28 2009-12-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.
10 CVE-2009-4430 89 1 Exec Code Sql 2009-12-28 2009-12-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.
11 CVE-2009-4428 89 1 Exec Code Sql 2009-12-28 2009-12-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php.
12 CVE-2009-4424 89 2 Exec Code Sql 2009-12-28 2009-12-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
13 CVE-2009-4423 89 2 Exec Code Sql 2009-12-24 2009-12-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information.
14 CVE-2009-4414 89 Exec Code Sql 2009-12-24 2009-12-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
15 CVE-2009-4401 89 Exec Code Sql 2009-12-22 2009-12-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
16 CVE-2009-4399 89 Exec Code Sql 2009-12-22 2009-12-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
17 CVE-2009-4396 89 Exec Code Sql 2009-12-22 2013-01-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
18 CVE-2009-4394 89 Exec Code Sql 2009-12-22 2009-12-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
19 CVE-2009-4393 89 Exec Code Sql 2009-12-22 2010-01-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
20 CVE-2009-4392 89 Exec Code Sql 2009-12-22 2010-01-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
21 CVE-2009-4390 89 Exec Code Sql 2009-12-22 2009-12-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
22 CVE-2009-4386 89 2 Exec Code Sql 2009-12-22 2009-12-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.
23 CVE-2009-4380 89 Exec Code Sql 2009-12-22 2009-12-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925.
24 CVE-2009-4375 89 Exec Code Sql 2009-12-21 2010-05-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
25 CVE-2009-4360 89 Sql 2009-12-19 2009-12-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.
26 CVE-2009-4351 89 1 Exec Code Sql 2009-12-17 2009-12-18
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter.
27 CVE-2009-4350 89 Exec Code Sql 2009-12-17 2009-12-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.php, a different vector than CVE-2008-3250. NOTE: some of these details are obtained from third party information.
28 CVE-2009-4342 89 Exec Code Sql 2009-12-17 2010-01-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
29 CVE-2009-4341 89 Exec Code Sql 2009-12-17 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
30 CVE-2009-4339 89 Exec Code Sql 2009-12-17 2010-06-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
31 CVE-2009-4338 89 Exec Code Sql 2009-12-17 2009-12-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
32 CVE-2009-4337 89 Exec Code Sql 2009-12-17 2009-12-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.
33 CVE-2009-4305 89 Exec Code Sql 2009-12-15 2009-12-16
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."
34 CVE-2009-4296 89 Exec Code Sql 2009-12-11 2009-12-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
35 CVE-2009-4263 89 1 Exec Code Sql 2009-12-10 2009-12-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
36 CVE-2009-4256 89 1 Exec Code Sql 2009-12-09 2009-12-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information.
37 CVE-2009-4238 89 Exec Code Sql 2009-12-10 2009-12-19
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
38 CVE-2009-4229 89 Exec Code Sql 2009-12-08 2009-12-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
39 CVE-2009-4221 89 2 Exec Code Sql 2009-12-07 2009-12-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.
40 CVE-2009-4218 89 Exec Code Sql 2009-12-07 2009-12-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
41 CVE-2009-4217 89 Exec Code Sql 2009-12-07 2009-12-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
42 CVE-2009-4208 89 1 Exec Code Sql 2009-12-04 2009-12-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php.
43 CVE-2009-4206 89 1 Exec Code Sql 2009-12-04 2009-12-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
44 CVE-2009-4204 89 1 Exec Code Sql 2009-12-04 2009-12-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in read.php in Flashlight Free Edition allows remote attackers to execute arbitrary SQL commands via the id parameter.
45 CVE-2009-4203 89 1 Exec Code Sql 2009-12-04 2009-12-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.
46 CVE-2009-4200 89 1 Exec Code Sql 2009-12-04 2009-12-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
47 CVE-2009-4199 89 1 Exec Code Sql 2009-12-04 2009-12-07
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php.
48 CVE-2009-4198 89 1 Exec Code Sql 2009-12-04 2010-01-21
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action.
49 CVE-2009-4166 89 Exec Code Sql 2009-12-02 2009-12-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
50 CVE-2009-4165 89 Exec Code Sql 2009-12-02 2009-12-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Total number of vulnerabilities: 963 (page 1 of 20)