| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.php and (2) homeadmin/signinform.php. |
| Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. |
| Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters." |
| Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors. |
| Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters." |
| Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm. |
| Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability." |
| Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords." |
| Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." |
| Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. NOTE: This issue reportedly exists because of a "weak ... anti-CSRF fix" implemented in 24 sp2. |
| SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb. |
| SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in Member_Admin/logo/. |
| Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. |
| Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. |
| SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. |
| Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." |
| Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability." |
