| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php. |
| PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post. |
| Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate. |
| Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems." |
| PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter. |
| Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages. |
| Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. |
| SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php. |
| Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange. |
| PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter. |
| Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors. |
| PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. |
| PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. |
| PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter. |
| SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp. |
| Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do. |
| SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters. |
