| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields. NOTE: this issue may overlap CVE-2006-5195. |
| index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message. |
| PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. |
| Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter. |
| Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter to (1) add-modify.php, (2) delete.php, (3) modify.php, and (4) phpjobscheduler.php. |
| PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php. |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts. |
| SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in ShopSystems 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the sessid parameter. |
| Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter. |
| Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter. |
| Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. |
| Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
