| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter. |
| SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter. |
| SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter. |
| PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. |
| ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. |
| SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. |
| PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php. |
| Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action. |
| PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year." |
| Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. |
| SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function. |
| Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors. |
| Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. |
| Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. |
| JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID. |
| The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language. |
| Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter. |