5655 matches found

RedhatCVE
added 2025/05/22 12:33 a.m. | 5 views

CVE-2014-2861

Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string...

CVSS 4.3 | AI score 5.9 | EPSS 0.02138
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 12:26 a.m. | 8 views

CVE-2011-4770

The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application...

CVSS 5.8 | AI score 6.6 | EPSS 0.01045
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 12:26 a.m. | 6 views

CVE-2011-4352

Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of...

CVSS 6.8 | AI score 8.2 | EPSS 0.06597
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 12:22 a.m. | 5 views

CVE-2005-3730

Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp...

CVSS 4.3 | AI score 6.1 | EPSS 0.01736
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 12:12 a.m. | 9 views

CVE-2005-4029

WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods...

CVSS 5 | AI score 6.8 | EPSS 0.01345
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 12:12 a.m. | 6 views

CVE-2005-4702

SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition,...

CVSS 7.5 | AI score 8 | EPSS 0.0133
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 12:7 a.m. | 7 views

CVE-2009-3198

Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser Script 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter...

CVSS 4.3 | AI score 5.9 | EPSS 0.01097
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 12:5 a.m. | 10 views

CVE-2009-1798

Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the...

CVSS 4.3 | AI score 6 | EPSS 0.01994
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 11:55 p.m. | 12 views

CVE-2009-0616

Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation."...

CVSS 10 | AI score 7 | EPSS 0.02146
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 11:55 p.m. | 8 views

CVE-2009-0762

Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVSS 4.3 | AI score 5.9 | EPSS 0.01022
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 11:2 p.m. | 10 views

CVE-2008-5891

Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

CVSS 4.3 | AI score 5.9 | EPSS 0.01497
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 10:7 p.m. | 7 views

CVE-2005-2516

Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands...

CVSS 7.5 | AI score 7.8 | EPSS 0.04767
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 10:7 p.m. | 8 views

CVE-2005-2916

Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi...

CVSS 5 | AI score 7.5 | EPSS 0.01081
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 10:6 p.m. | 8 views

CVE-2005-2031

Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to...

CVSS 7.5 | AI score 9 | EPSS 0.01204
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 9:54 p.m. | 10 views

CVE-2009-4934

Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter...

CVSS 4.3 | AI score 5.9 | EPSS 0.01453
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 9:53 p.m. | 7 views

CVE-2007-3968

index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name...

CVSS 5.3 | AI score 6.9 | EPSS 0.01258
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 9:35 p.m. | 9 views

CVE-2004-2711

Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval."...

CVSS 7.5 | AI score 8.2 | EPSS 0.02413
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 9:16 p.m. | 8 views

CVE-2009-3195

Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php...

CVSS 4.3 | AI score 6 | EPSS 0.01525
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 9:12 p.m. | 7 views

CVE-2005-2523

Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3 | AI score 5.9 | EPSS 0.01386
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 9:7 p.m. | 14 views

CVE-2003-0801

Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script...

CVSS 4.3 | AI score 6.4 | EPSS 0.02538
Exploits: 1 | References: 1