| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. |
| Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the sKeywords parameter. |
| Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php. |
| Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information. |
| SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. |
| Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user. |
| search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message. |
| Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_login parameter to sendpass.php and (2) login parameter to member.php. |
| WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods. |
| SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header. |
| Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php. |
| Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL." |
| SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. |
| SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter. |
| Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter. |
| Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string. |
