| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow. |
| Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module. |
| The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262. |
| The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size. |
| SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter. |
| servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. |
| Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the kat_id parameter to the default URI in a download action or (2) the id parameter to the default URI in a duyurular_detay action. |
| The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges. |
| Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors. |
| MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels." |
| The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function. |
| The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size. |
| SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter. |
| Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php. |
| Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. |
| Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action. |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1. |
| Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password. |
