| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access. |
| Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user. |
| Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode. |
| PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file |
| PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html. |
| Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter. |
| add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access. |
| Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. |
| Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile. |
| SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. |
| SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php. |
| Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php. |
| SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. |
