| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter. |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. |
| Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. |
| Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php. |
| XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges. |
| SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php. |
| SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter. |
| Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files. |
| Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files. |
| Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page. |
| Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. |
| FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. |
| Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code. |
| Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. |
| The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption. |
| Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81. |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php. |
| IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. |
