| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels. |
| Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property. |
| Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers. |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php. |
| PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter. |
| Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request. |
| Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do. |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters. |
| Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions. |
| The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. |
| Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA. |
| PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. |
| SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478. |
| PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter. |
| Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. |
| nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172. |
| The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets. |
| A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. |
