NVD-CWE-Other

GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.

SQL injection vulnerability in login.asp for tPassword in the Raymond BERTHOU script collection (aka RBL – ASP) allows remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters.

PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.

SQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information.

Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to “sortable tables JavaScript.”