| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string. |
| Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters. |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameters. |
| SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. |
| Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile. |
| PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter. |
| All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages. |
| gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file. |
| Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter. |
| The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. |
| The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type. |
| Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter. |
| PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter. |
| PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter. |
| Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters. |
| The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information. |
| Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter. |
| pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name. |
| Speedywiki 2.0 allows remote attackers to obtain the full path of the web server via the (1) showRevisions[] and (2) searchText[] parameters in (a) index.php, and (b) a direct request to upload.php without any parameters. |
