| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter. |
| csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. |
| ACDSee 4.0 allows remote attackers to cause a denial of service (crash) via an .ais file with a long file description field, which is not properly handled when the file properties of the file are viewed. |
| PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in. |
| The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files. |
| Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged. |
| Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors. |
| Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search. |
| Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter. |
| Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables. |
| Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php. |
| Multiple interpretation error in unspecified versions of NOD32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
| Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php. |
| Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request. |
| Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3. |
| SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php. |
| signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address. |
| Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php. |
| Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan. |
| Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter. |
