CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
Aj_article, Aj_auction_pro-oopd, Aj_classifieds, Aj_hyip, Aj_matrix_dna, Aj_shopping_cart, Free_polling_script, Zeuscart
2009-08-24
N/A
N/A
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Aj_article, Aj_auction_pro-oopd, Aj_classifieds, Aj_hyip, Aj_matrix_dna, Aj_shopping_cart, Free_polling_script, Zeuscart
2017-09-29
N/A
N/A
AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php.
Aj_article, Aj_auction_pro-oopd, Aj_classifieds, Aj_hyip, Aj_matrix_dna, Aj_shopping_cart, Free_polling_script, Zeuscart
2017-09-29
N/A
N/A
SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter.
Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: this can be leveraged to modify cookies and conduct session fixation attacks.
PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter.
Aj_article, Aj_auction_pro-oopd, Aj_classifieds, Aj_hyip, Aj_matrix_dna, Aj_shopping_cart, Free_polling_script, Zeuscart
2017-09-29
N/A
N/A
AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information.
Advanced_classified_module, Autohtml_module, Current_issue_module, Downloads_module, Downloadsplus_module, Eboard_module, Emporium_module, Ev, Hadith_module, Iframe_module, 4nchat, 4ndvddb, Book, Easycontent_module, Kose_yazilari_module, Kutubisitte_component, Myheadlines, Nukestyles_viewpage_module, Okul_module, Php-nuke
2018-10-11
N/A
N/A
SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.