| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a allows remote attackers to inject arbitrary web script or HTML via the username parameter to (1) admin.php or (2) login.php. |
| Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-Board 1.0 allows remote attackers to inject arbitrary web script or HTML via the doc parameter. |
| Y.SAK allows remote attackers to execute arbitrary commands via shell metacharacters in the $no variable to (1) w_s3mbfm.cgi, (2) w_s3adix.cgi, or (3) w_s3sbfm.cgi. |
| Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter. |
| Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php. |
| PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse.php, (2) export.php, (3) conditions.php, or (4) spss.php. |
| SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter. |
| The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to bypass the login and gain privileges. |
| PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag. |
| Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call. |
| The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files. |
| PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter. |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data. |
| The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb). |
| PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message. |
| Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. |
| SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php. |
| Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web script or HTML via the dir parameter. |
