| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument. |
| PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter. |
| SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter. |
| Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action. |
| Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php. |
| SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter. |
| Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php. |
| SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter. |
| SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter. |
| Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information. |
| Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb. |
| Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters. |
| SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb. |
| Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb. |
| Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter. |
| SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information. |
| Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb. |
| User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb. |
| Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb. |
