| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials. |
| Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) category parameters. |
| NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site. |
| SQL injection vulnerability in lib/adodb/server.php in AngelineCMS 0.6.5 and earlier might allow remote attackers to execute arbitrary SQL commands via the query string. |
| CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests. |
| Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability. |
| Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors. |
| SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php. |
| Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server. |
| Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands. |
| Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspecified attack vectors, in one or more of the (1) Download, (2) Search, (3) Web links, (4) Blocks, (5) Messages, (6) News, (7) Comments, (8) Settings, (9) Stats or (10) subjects modules. |
| Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. |
| Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the sKeywords parameter. |
| Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php. |
| Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file. |
| SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php. |
