| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter. |
| Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp. |
| Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a .. (dot dot) in the m parameter. |
| SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. |
| SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie. |
| SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php. |
| Directory traversal vulnerability in the media server in Orb Networks Orb before 2.01.0022 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP GET request. |
| Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup." |
| Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors. |
| SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter. |
| SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter. |
| SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information. |
| Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message. |
