| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php. |
| modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value. |
| Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code. |
| Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via ".." sequences in the pg parameter, which is cleansed for XSS but not directory traversal. |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159. |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php. |
| Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp. |
| Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability. |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159. |
| Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php. |
| SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158. |
| Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters. |
| Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php. |
| Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. |
| Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. |
| Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp. |
| pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. |
| Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code. |
| Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server. |
| Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character. |