| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request. |
| Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1. |
| Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. |
| viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. |
| Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. |
| mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. |
| Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized. |
| SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. |
| The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username. |
| The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. |
| Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting. |
| Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. |
| Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user. |
| Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous. |
| SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. |
| Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors. |
| PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter. |
| Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions." |