| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. |
| Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file. |
| Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow. |
| Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." |
| Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter. |
| Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via (1) reverse lookups or (2) requests for records in a class other than Internet (IN), a different set of affected versions than CVE-2007-3114 and CVE-2007-3116. |
| PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441. |
| The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits. |
| libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration. |
| Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences. |
| Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe. |
| Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp. |
| Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php. |
| config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code. |
| Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information. |
| Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier. |
| Cross-site scripting (XSS) vulnerability in add_comment.php in Light Blog 4.1 before 20070606 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." |
| Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
