| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php. |
| SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9. |
| Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. |
| Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count argument, which triggers a stack-based buffer overflow. |
| Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in patch/. |
| Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action. |
| Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter. |
| SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121. |
| Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. |
| Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts. |
| Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219. |
| Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI. |
| SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. |
| socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
| The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. |
| The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. |
