| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter. |
| Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow. |
| SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. |
| SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters. |
| Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter. |
| HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204. |
| Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667. |
| PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters. |
| SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. |
| PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php. |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. |
| SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. |
| Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb. |
| Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php. |