| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php. |
| PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. |
| Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring. |
| Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation." |
| avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. |
| Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06. |
| Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) prevlang and (2) super parameters to (a) php/login.php; the (3) charset parameter to (a) php/login.php, (b) php/internal-init.php, and (c) php/xlogin.php; the (4) lang parameter to (b) php/internal-init.php; and the (5) language parameter to (c) php/xlogin.php. |
| The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (disconnection) via a long (1) emote or (2) SPEC command. |
| SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter. |
| Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function. |
| The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters. |
| SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter. |
| Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler. |
| The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. |
| Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed. |
| Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01. |
| Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02. |
| Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. |
