| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp. |
| Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." |
| Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions. |
| Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own |
| Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message. |
| Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected; (2) a corrupted NTFS filesystem, which causes the application to report "memory allocation errors;" or (3) deeply nested directories, which trigger an application crash during an Expand All action. NOTE: the vendor disputes the significance of these vectors because the user can select fewer options, there is no operational impact, or the user can do less expansion |
| Guidance Software EnCase allows user-assisted attackers to trigger a buffer over-read and application crash via a malformed NTFS filesystem containing a modified FILE record with a certain large offset. NOTE: the vendor disputes the significance of this issue, asserting that relevant attackers typically do not corrupt a filesystem, and indicating that the relevant read operation can be disabled |
| Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. |
| Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. |
| geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter. |
| Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. |
| SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php. |
| SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this may be related to CVE-2006-4300. |
| The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands. |
| Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with (1) .php.gif, (2) .php.jpg, or (3) .php.png. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API. |
| The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB. |
| Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks. |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php. |
