| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php. |
| Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended. |
| Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow. |
| Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address. |
| Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows remote attackers to have an unknown impact via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| PHP remote file inclusion vulnerability in index.php in Thomas Pequet phpPrintAnalyzer 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep_par_rapport_racine parameter. NOTE: this issue has been disputed by third party researchers, stating that the rep_par_rapport_racine variable is initialized before use |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. |
| Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php. |
| Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. |
| Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. |
| SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter. |
| Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports. |
| Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login parameters. |
| Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). |
| Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302. |
| Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability." |
| Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. |
| Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption. |
