| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333. |
| Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. |
| The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. |
| Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964. |
| Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data. |
| The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. |
| Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. |
| Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. |
| Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors. |
| Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information. |
| Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post ne topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel. NOTE: some sources have stated that the sb_authorname parameter is affected, but it is unclear which field is related to it. |
| A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information. |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. |
| Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter. |
| NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname. |
| PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE. |
| SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter. |
