| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Westell Versalink 327W allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information. |
| Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. |
| Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. |
| Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. |
| Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via certain search module parameters, possibly the root parameter to zaygo.cgi. |
| Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly SKey to store.cgi. |
| Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters. |
| Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php. |
| PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php. |
| Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E-commerce allows remote attackers to inject arbitrary web script or HTML via the page parameter to index.php. NOTE: this might be resultant from CVE-2005-4287. |
| Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter. |
| Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters. |
| AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request. |
| Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature. |
| Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter. |
| Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page. |
| Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter. |
| Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) sch_allsubct, (2) before, and (3) ct parameters. |
