| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp. |
| SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. |
| Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp, the currentpage or (5) orderby parameter to (c) gallery.asp, or the currentpage parameter to (d) view_recent.asp. |
| PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php |
| Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter. |
| SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd. |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html. |
| Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. |
| SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter. |
| Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors. |
| index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message. |
| Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. |
| Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors. |
| SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. |
| Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view. |
| Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GMAILFS: [13;a;1] message with a new filename and a file attachment, which injects a new file into the filesystem; (2) a GMAILFS: [13;a;1] message with an existing filename and a file attachment, which overwrites existing file content; and (3) a GMAILFS: [14;a;1] message, which creates a folder. |
| SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |