| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image. |
| The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. |
| Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value. |
| PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter. |
| Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP. |
| Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method. |
| The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. |
| Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. |
| Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp. |
| SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action. |
| PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content. |
| Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function. |
| Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors. |
| The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable. |
| Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. |
| Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy. |
| SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |