Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbit...

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cau...

Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) up...

SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.

Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-20...

SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported ...

Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credenti...

filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value.

Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earl...

SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter.

PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initial...

Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted ...

SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost.

SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of ...

Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the b...

SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls para...

Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as t...

Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameter.

PHP remote file include vulnerability in index.php in Tasarim Rehberi allows remote attackers to execute arbitrary PHP code via a URL in the (1) sayfaadi or (2) sayfa parameter. NOTE: this might be a ...

The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call ...

Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote at...

Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code v...

Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or ...

SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter.