| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument. |
| PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 allows remote attackers to execute arbitrary PHP code via the systempath parameter. |
| Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command. |
| Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.8 with Enforcer Portal Pack Bundle #10 and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE02. |
| PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter. |
| SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. |
| Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors. |
| Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file. |
| ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe. |
| Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL. |
| Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension. |
| Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter. |
| SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password. |
| DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages. |
| orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. |
| VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument. |
| Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter. |
| Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. |
| Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses. |
