CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters.
Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.
Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.
Unspecified vulnerability in the media server in Orb Networks Orb before 2.01.0025 allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.
Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame.
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.