| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter. |
| MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. |
| SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413.4. |
| Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. |
| The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document. |
| The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations. |
| Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/. |
| SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application. |
| The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables. |
| SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters. |
| PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter. |
| The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. |
| The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files. |
| The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates. |
| The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. |
| Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag. |
| Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors. |
| SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. |
