| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter. |
| The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1. |
| SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php. |
| PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter. |
| SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683. |
| Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter. |
| hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header. |
| SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. |
| Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors. |
| Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters. |
| SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote." |
| Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079. |
| Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121. |
| qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message. |
| jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character. |
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. |
| SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. |
