Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blind sql injection vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2009-4436
Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote malicious users to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.
Activewebsoftwares Ewebquiz 8.0
1 EDB exploit
755
VMScore
CVE-2009-1742
code.php in PC4Arb Pc4 Uploader 9.0 and previous versions makes it easier for remote malicious users to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON"...
Pc4arb Pc4 Uploader
1 EDB exploit
645
VMScore
CVE-2007-5261
Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote malicious users to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.
Iscripts Multicart 1.0
1 EDB exploit
755
VMScore
CVE-2014-100003
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.
Yourmembers Project Yourmembers -
1 EDB exploit
505
VMScore
CVE-2007-6623
Absolute path traversal vulnerability in ZeusCMS 0.3 and previous versions might allow remote malicious users to list arbitrary directories via a full pathname in the dir parameter.
Zeuscms Zeuscms
1 EDB exploit
685
VMScore
CVE-2009-3321
SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the CLIENT_IP HTTP header.
Saphplesson Saphplesson 4.3
1 EDB exploit
685
VMScore
CVE-2008-6146
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb 1.08
Deluxebb Deluxebb
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb 1.07
Deluxebb Deluxebb 1.09
Deluxebb Deluxebb 1.06
Deluxebb Deluxebb 1.1
1 EDB exploit
755
VMScore
CVE-2008-6257
SQL injection vulnerability in default.asp in Openasp 3.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the idpage parameter in the pages module.
Openasp Openasp 3.0
1 EDB exploit
755
VMScore
CVE-2008-6322
SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote malicious users to execute arbitrary SQL commands via the categorynbr parameter.
Cfmsource Cfmblog -
1 EDB exploit
755
VMScore
CVE-2008-1591
The pnVarPrepForStore function in PostNuke 0.764 and previous versions skips input sanitization when magic_quotes_runtime is enabled, which allows remote malicious users to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables...
Postnuke Postnuke
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »