| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter. |
| SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string. |
| SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter. |
| SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter. |
| Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/. |
| SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action. |
| SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header. |
| The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt. |
| Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message. |
| Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path. |
| SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp. |
| SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter. |
| The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. |
