CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response.
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.
2017-08-17
N/A
N/A
Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the resistance field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 allows remote attackers to execute arbitrary PHP code via a URL in unspecified vectors that modify the _smarty_compile_path variable in the fetch function.
Com_simpleshop, Akobook, Be_it_easypartner_component, Bibtex, Bsq_sitestats, Car_manager, Classifieds_component, Colophon, Com_acajoom, Com_acctexp, Com_artistavenue
2017-08-17
N/A
N/A
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
Big-ip_b2250_firmware, Big-ip_b2250, Big-ip_b4300_firmware, Big-ip_b4300, Big-ip_b4340n_firmware, Big-ip_b4340n, Big-ip_b4450n_firmware, Big-ip_b4450n, Big-ip_10000s_firmware, Big-ip_10000s
2018-10-11
N/A
N/A
Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form.
Foxit_reader, Reader, Phantompdf, Foxit_studio_photo, 3d, E-mail_advertising_system, Enterprise_reader, Foxit_advanced_pdf_editor, Foxit_mobilepdf_-_pdf_reader, Foxit_pdf
2018-10-11
N/A
N/A
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
Auto_e-manager, Big_truck_broker, Boat_classifieds, Business_e-listings, Real_estate_web, Vacation_rental_listings
2018-10-11
N/A
N/A
Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in uploads/avatars/.
RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value.