| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action. |
| Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. |
| Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts." |
| Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages. |
| Hawking Technology wireless router WR254-CA uses a hardcoded IP address among the set of DNS server IP addresses, which could allow remote attackers to cause a denial of service or hijack the router by attacking or spoofing the server at the hardcoded address. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE. |
| PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. |
| putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information. |
| Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. |
| Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. |
| Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter. |
| Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data." |
| PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter. |
| Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error. |
| PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter. |
| Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap CVE-2004-1660 or CVE-2006-4445. |
| Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. |
| JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/. |
| SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action. |
| Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php. |
| PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured |
