| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php. |
| Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910. |
| Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script. |
| Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users to execute arbitrary code via a long command line argument. |
| SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter. |
| Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php. |
| Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. |
| SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter. |
| WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation. |
| SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters. |
| Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter. |
| PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php. |
| Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file. |
| Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php. |
| Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc. |
| Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument. |
| Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the "Search For" field in search.asp. |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. |
