| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260. |
| Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/. |
| Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability." |
| The logging feature in eMule Plus before 1.2e allows remote attackers to cause a denial of service (infinite loop) via unspecified attack vectors. |
| Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter. |
| SQL injection vulnerability in pages/login.php in FunGamez RC1 allows remote attackers to execute arbitrary SQL commands via the login_user (aka username) parameter. NOTE: some of these details are obtained from third party information. |
| Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability." |
| Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php. |
| includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter. |
| Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header. |
| McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. |
| Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb. |
| The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability." |
| Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. |
| Directory traversal vulnerability in inc/profilemain.php in Game Maker 2k Internet Discussion Boards (iDB) 0.2.5 Pre-Alpha SVN 243 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter in a settings action to profile.php. |
| inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with templates/map.tpl. |
| Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
