| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password. |
| SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitrary SQL commands via the include_file parameter. |
| SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method. |
| Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg. |
| Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe. |
| Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664. |
| Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930. |
| Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. |
| SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters. |
| Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. |
| Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module. |
| Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by "reading more than 8 bytes into an 8 byte long array". |
| SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters. |
| Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. |
| SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter. |
| Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue. |
| Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548. |
| SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. |
