CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.
configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.
SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597.
Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors.
Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages.
Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus 2.1.1 have unknown impact and remote attack vectors.
Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416.
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.