| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and REQUEST_URI to (5) login.php; ver parameter to (6) media.php; theme parameter to (7) modules/iconset/iconset-debug.php; and the REQUEST_URI to (8) index.php. |
| Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter. |
| admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo." |
| Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters. |
| SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter. |
| SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information. |
| Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter. |
| Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than CVE-2008-6318. |
| SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter. |
| PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter. |
| Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316. |
| PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317. |
| SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306. |
| Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter. |
| SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
