CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields.
PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter.
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter.
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter.
A6mambocredits_component, Anjel_component, Artlinks_component, Bayesiannaivefilter, Bigape-backup_component, Catalogshop_component, Com_comments, Com_comprofiler, Com_comprofiler_component, Com_detail, Com_musica, Mambo, Mambo_cms, A6mambocredits_component, Anjel_component, Artlinks_component, Bayesiannaivefilter, Bigape-backup_component, Catalogshop_component, Com_comments
2017-09-29
N/A
N/A
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter.
Confixx, H-sphere, Parallels_access, Parallels_desktop, Parallels_plesk_panel, Parallels_plesk_small_business_panel, Parallels_small_business_panel, Parallels_virtuozzo, Plesk, Remote_application_server
2018-10-11
N/A
N/A
Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.
Confixx, H-sphere, Parallels_access, Parallels_desktop, Parallels_plesk_panel, Parallels_plesk_small_business_panel, Parallels_small_business_panel, Parallels_virtuozzo, Plesk, Remote_application_server
2018-10-11
N/A
N/A
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.