| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing. |
| PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This is probably an invalid report based on analysis by CVE and a third party |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators. |
| Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter. |
| SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string. |
| The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. |
| Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information. |
| Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php. |
| Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. |
| Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter. |
| AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto." |
| SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php. |
| Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors. NOTE: some of these details are obtained from third party information. |
| Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845. |
| Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/. |
| Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value. |
| SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter. |
| CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. |
