| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter. |
| Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries. |
| Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index. |
| SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter. |
| Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1. |
| Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests. |
| Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579. |
| PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter. |
| admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin. |
| GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability." |
| Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter. |
| Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. |
| PHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. |
| viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action. |
| PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CVE-2006-6689. |
| Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Also, it is not clear whether this issue crosses security boundaries. |
| SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter. |
| Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. |
| Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information. |
