Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
sql injection vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2005-3536
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type....
5
CVSSv2
CVE-2005-3537
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs....
7.5
CVSSv2
CVE-2005-2002
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter....
1 EDB exploit available
6.5
CVSSv2
CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter....
10
CVSSv2
CVE-2003-0500
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name....
1 EDB exploit available
4.3
CVSSv2
CVE-2015-6658
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files....
6.8
CVSSv2
CVE-2015-6660
The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."...
5
CVSSv2
CVE-2015-6661
Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu....
4.3
CVSSv2
CVE-2015-6665
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to...
7.5
CVSSv2
CVE-2012-1116
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors....
1 EDB exploit available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2020-9887
CVE-2020-15999
wireless
CVE-2020-9994
CVE-2020-9908
CVE-2020-9854
XML injection
CVE-2020-16938
« PREV
1
2
3
4
5
6
7
8
9
NEXT »
Vulmon