| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header. |
| Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. |
| The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. |
| Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack. |
| Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. |
| WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. |
| AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. |
| PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion |
| server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. |
| Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets. |
| Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. |
| Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Also, it is not clear whether this issue crosses security boundaries. |
| The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. |
| Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors. |
| Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes." |
| PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter. |
| PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter. |
| Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter. |
