| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805. |
| Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields. NOTE: this issue may overlap CVE-2006-5195. |
| index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message. |
| SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter. |
| Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter to (1) add-modify.php, (2) delete.php, (3) modify.php, and (4) phpjobscheduler.php. |
| SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06). |
| SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field. |
| SQL injection vulnerability in index.php in ShopSystems 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the sessid parameter. |
| SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02. |
| Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter. |
| Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter. |
| Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp. |
| Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. |
| Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06. |
| Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01. |
| Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters. NOTE: portions of these details are obtained from third party information. |
