| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag. |
| Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag. |
| Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability |
| Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow. |
| xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow. |
| Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file. |
| Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML. |
| Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors. |
| SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php. |
| Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details. |
| A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. |
| Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. |
| A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c. |
| evince is missing a check on number of pages which can lead to a segmentation fault |
| The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. |
| AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL. |
| A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges. |
| NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload |
| SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'. |
| ProjectPier 0.8.8 does not use the Secure flag for cookies |
