| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/. |
| The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments. |
| The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console. |
| Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port." |
| Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI. |
| Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials. |
| Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request. |
| PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors. |
| The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields. |
| HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service. |
| The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. |
| Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. |
| Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. |
| Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL in G DATA Antivirus 2007 might allow remote attackers to execute arbitrary code via unspecified parameters to the SelectPath function. NOTE: this issue might not cross privilege boundaries in most environments, since it is not marked as safe for scripting. |
| CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:". |
| Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. |
| The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature. |
| The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689. |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. |
