CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter.
Absolute_banner_manager, Absolute_banner_manager.net, Absolute_content_rotator, Absolute_control_panel_xe, Absolute_faq_manager_.net, Absolute_form_processor.net, Absolute_form_processor_xe, Absolute_image_gallery_xe, Absolute_live_support_.net, Absolute_live_support_xe
2017-08-08
N/A
N/A
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields").
Absolute_banner_manager, Absolute_banner_manager.net, Absolute_content_rotator, Absolute_control_panel_xe, Absolute_faq_manager_.net, Absolute_form_processor.net, Absolute_form_processor_xe, Absolute_image_gallery_xe, Absolute_live_support_.net, Absolute_live_support_xe
2017-08-08
N/A
N/A
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter.
Absolute_banner_manager, Absolute_banner_manager.net, Absolute_content_rotator, Absolute_control_panel_xe, Absolute_faq_manager_.net, Absolute_form_processor.net, Absolute_form_processor_xe, Absolute_image_gallery_xe, Absolute_live_support_.net, Absolute_live_support_xe
2017-08-08
N/A
N/A
Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp.
Absolute_banner_manager, Absolute_banner_manager.net, Absolute_content_rotator, Absolute_control_panel_xe, Absolute_faq_manager_.net, Absolute_form_processor.net, Absolute_form_processor_xe, Absolute_image_gallery_xe, Absolute_live_support_.net, Absolute_live_support_xe
2017-08-08
N/A
N/A
SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
Absolute_banner_manager, Absolute_banner_manager.net, Absolute_content_rotator, Absolute_control_panel_xe, Absolute_faq_manager_.net, Absolute_form_processor.net, Absolute_form_processor_xe, Absolute_image_gallery_xe, Absolute_live_support_.net, Absolute_live_support_xe
2017-08-08
N/A
N/A
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").