5 matches found
CVE-2017-17550
The vulnerability is in ZyXEL ZyWALL USG devices (2.12 AQQ.2 and 3.30 AQQ.7) where a CSRF flaw in the cgi-bin/zysh-cgi cmd action allows an attacker to add a user account. This newly created account could subsequently be used to perform stored XSS, as described in multiple sources. Affected softw...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
CVE-2007-2673
SQL injection vulnerability in includes/funcsvendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendorinfo cmd action to censura.php...
CVE-2007-2673
SQL injection vulnerability in includes/funcsvendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendorinfo cmd action to censura.php...