| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows remote attackers to execute arbitrary SQL commands via the Category parameter in a ViewCategory action. |
| CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. |
| Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. |
| Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information. |
| MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. |
| SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Plot2D (.wp2) file. |
| ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. |
| Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action. |
| ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks. |
| Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters. |
| Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party information. |
| Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the wwwRoot parameter to (1) header.php, (2) submit.php, (3) submitted.php, and (4) autosubmitter/index.php. |
| Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker |
