| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords. |
| Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp. |
| PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. |
| Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified. |
| Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients. |
| Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php. |
| Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. |
| Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp. |
| Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box. |
| PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php. |
| Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter. |
| Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter. |
| Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions. |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox." |
| Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action. |
| The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. |
| Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed. |
