| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions. |
| save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter. |
| SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field. |
| SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum. |
| Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. |
| Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp. |
| SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter. |
| Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. |
| Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. NOTE: CVE and another third party dispute this vulnerability because these PHP scripts exit if the attack vectors are present in GPC variables |
| Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt. |
| Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party information. |
| Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park. |
| SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962. |
| The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. |
| Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields. |
| Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141. |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/. |
