CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Adult_portal_script, Airline_ticket_sale_script, Bus_ticket_script, Gastro_portal_(restaurant_directory)_script, Lastminute_script, Real_estate_script, Sky_hunter_airline_ticket_sale_script, Taxi_calc_dist_script
2017-08-17
N/A
N/A
Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Hmisoft_vu3_firmware, Hmisoft_vu3, 5p_850, 5p_850_firmware, 9000x, 9000x_firmware, 9000x_programming_and_configuration_software, 9px_ups, 9px_ups_firmware, Eamaxx_series_epdu
2018-10-11
N/A
N/A
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
Com_simpleboard, A6mambocredits_component, Anjel_component, Artlinks_component, Bayesiannaivefilter, Bigape-backup_component, Catalogshop_component, Com_comments, Com_comprofiler, Com_comprofiler_component, Com_detail
2017-09-29
N/A
N/A
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.
SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter.
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.
Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
Ez_career, Ez_hotscripts-likesite, Affiliate_directory, Ez_adult_directory, Ez_affiliate, Ez_auction, Ez_baby, Ez_biz_pro, Ez_e-store, Ez_forum
2017-09-29
N/A
N/A
SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ Link Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.