radar

ONE Sentinel

shield

CVE Tracker

175,322 total CVEs

Live vulnerability feed from the National Vulnerability Database

7.5

SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5

SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

4.3

Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter.

6.5

SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter.

7.5

Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.

9.3

RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.

4.3

Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

7.5

SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action.

4.3

Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php.

7.5

SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5

SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action.

9.3

Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.

4.3

Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2005-1799.

7.5

Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters.

9.3

The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.

6.8

The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.

7.5

Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

4.3

Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action.

6.8

Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a viewboard action.

7.5

Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php.

Showing 144001-144025 of 175,322 CVEs