CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079.
Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.
PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter.
Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php, (g) file.php, (h) locale.php, (i) mapfile.php, (j) page.php, and others.
Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack.
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page.