| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683. |
| The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. |
| Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method. |
| SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program. |
| PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys. |
| Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file. |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033. |
| SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509. |
| vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call. |
| Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll. |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters." |
| SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. |
| The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload. |
| Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request. |
