| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in includes/functions.inc.php in phpVoter 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. |
| PHP remote file inclusion vulnerability in check_entry.php in Ralf Image Gallery (RIG), aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir_abs_src parameter. NOTE: this issue is disputed by multiple third parties, who report that the product exits if register_globals is enabled, thereby blocking exploitation. NOTE: CVE-2006-3210.a covers this issue in versions before 1.0 |
| Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php. |
| Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php. |
| SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922. |
| Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include. |
| SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter. |
| SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php. |
| Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter. |
| Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. |
| Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter. |
| Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters. |
| SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter. |
| Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter. |
| SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter. |
| Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action. |
| Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component. |
| Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter. |
