| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. |
| Stack-based buffer overflow in Rebellion Asura engine, as used for the server in Rogue Trooper 1.0 and earlier and Prism 1.1.1.0 and earlier, allows remote attackers to execute arbitrary code via a long string in a 0xf007 packet for the challenge B query. |
| Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. |
| SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm. |
| Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." |
| Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar. |
| Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages. |
| Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter. |
| The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System Control Facility Unit (aka XSCFU or Service Processor), and have unspecified other impact. |
| Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. |
| SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter. |
| SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information. |
| Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. |
| SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. |
| Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. |
| SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. |
