CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
A6mambocredits_component, Anjel_component, Artlinks_component, Bayesiannaivefilter, Bigape-backup_component, Catalogshop_component, Com_comments, Com_comprofiler, Com_comprofiler_component, Com_detail, Com_musica, Mambo, Mambo_cms, A6mambocredits_component, Anjel_component, Artlinks_component, Bayesiannaivefilter, Bigape-backup_component, Catalogshop_component, Com_comments
2018-10-11
N/A
N/A
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter.
Business_cards_designer, E-smart_cart, Php_jobwebsite_pro, Pre_ads_portal, Pre_classified_listings, Pre_classified_listings_asp, Pre_e-learning_portal, Pre_job_board, Pre_online_tests_generator, Pre_podcast_portal
2017-09-29
N/A
N/A
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
Business_cards_designer, E-smart_cart, Php_jobwebsite_pro, Pre_ads_portal, Pre_classified_listings, Pre_classified_listings_asp, Pre_e-learning_portal, Pre_job_board, Pre_online_tests_generator, Pre_podcast_portal
2017-09-29
N/A
N/A
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
Business_cards_designer, E-smart_cart, Php_jobwebsite_pro, Pre_ads_portal, Pre_classified_listings, Pre_classified_listings_asp, Pre_e-learning_portal, Pre_job_board, Pre_online_tests_generator, Pre_podcast_portal
2017-09-29
N/A
N/A
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
Acidfree, Activity, Aggregation_module, Ajax_checklist, Archive_module, Asin_field_module, Atom_module, Audio_module, Authenticated_user_page_caching, Avatar_uploader
2017-08-17
N/A
N/A
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.
Php_auto_listings_script, Pre_asp_job_board, Pre_multi-vendor_shopping_malls, Pre_simple_cms, Pre_survey_poll
2017-09-29
N/A
N/A
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".