| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal. |
| action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier. |
| Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite. |
| phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. |
| Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive. |
| Informed (1) Designer and (2) Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information. |
| PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter. |
| Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables. |
| Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed ICMP packet, which causes the CPU to crash. |
| owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter. |
| SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678. |
| The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. |
| PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter. |
| periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. |
| Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. |
| Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself. |
| ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection. |
| The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data. |
| IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. |