| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function. |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function. |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function. |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function. |
| Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. |
| An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. |
| Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. |
| SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php. |
| SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. |
| SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. |
| SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. |
| SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. |
| SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. |
| SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. |
| SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. . |
| SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php. |
| phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. |
| Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. |