CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Multiple cross-site scripting (XSS) vulnerabilities in index.php in BLUEPAGE CMS 2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) whl, (2) var_1, and (3) search parameters.
SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter.
Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and OpenSolaris before snv_37, when automountd is used, allows user-assisted remote attackers to cause a denial of service (unresponsive NFS filesystems) via unknown vectors.
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter.
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter.
Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd party analysis."
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."
SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.