| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. |
| PHP remote file inclusion vulnerability in quickie.php in Knusperleicht Quickie, probably 0.2, allows remote attackers to execute arbitrary PHP code via a URL in the QUICK_PATH parameter. |
| Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php. |
| PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468. |
| Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value. |
| The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation. |
| PHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NL_PATH parameter. |
| Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object. |
| Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Savant2, possibly when used with the com_mtree component for Mambo and Joomla!, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) Savant2_Plugin_stylesheet.php, (2) Savant2_Compiler_basic.php, (3) Savant2_Error_pear.php, (4) Savant2_Error_stack.php, (5) Savant2_Filter_colorizeCode.php, (6) Savant2_Filter_trimwhitespace.php, (7) Savant2_Plugin_ahref.php, (8) Savant2_Plugin_ahrefcontact.php, (9) Savant2_Plugin_ahreflisting.php, (10) Savant2_Plugin_ahreflistingimage.php, (11) Savant2_Plugin_ahrefmap.php, (12) Savant2_Plugin_ahrefownerlisting.php, (13) Savant2_Plugin_ahrefprint.php, (14) Savant2_Plugin_ahrefrating.php, (15) Savant2_Plugin_ahrefrecommend.php, (16) Savant2_Plugin_ahrefreport.php, (17) Savant2_Plugin_ahrefreview.php, (18) Savant2_Plugin_ahrefvisit.php, (19) Savant2_Plugin_checkbox.php, (20) Savant2_Plugin_cycle.php, (21) Savant2_Plugin_dateformat.php, (22) Savant2_Plugin_editor.php, (23) Savant2_Plugin_form.php, (24) Savant2_Plugin_image.php, (25) Savant2_Plugin_input.php, (26) Savant2_Plugin_javascript.php, (27) Savant2_Plugin_listalpha.php, (28) Savant2_Plugin_listingname.php, (29) Savant2_Plugin_modify.php, (30) Savant2_Plugin_mtpath.php, (31) Savant2_Plugin_options.php, (32) Savant2_Plugin_radios.php, (33) Savant2_Plugin_rating.php, or (34) Savant2_Plugin_textarea.php. |
| SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters. |
| Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter. |
| DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow. |
| Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information. |
| Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies. |
| Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php. |
| run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. |
| SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139. |
| Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. |
| Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992. |
