| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp. |
| SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes. |
| The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file. |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer. |
| The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords. |
| The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to download and execute arbitrary programs by setting the arguments to the GotNate.Excute method. |
| MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlist_inc.html, which reveals the path in an error message. |
| Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames. |
| Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors. |
| INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. |
| SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field. |
| Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction". |
| Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php). |
| PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter. |
| Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files. |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check. |
