| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry, as demonstrated by a CSS property in the STYLE attribute of a DIV element, a different vulnerability than CVE-2008-1873. |
| Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php. |
| Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information. |
| The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. |
| Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. |
| SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action. |
| Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html. |
| Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors. |
| Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file. |
| Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users. |
| Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory. |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action. |
| SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter. |
| Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute. |
| Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/. |
| Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415. |