| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. |
| PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. |
| PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. |
| In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. |
| Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. |
| Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. |
| Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. |
| pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. |
| A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response. |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. |