| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter. |
| Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption. |
| Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533. |
| PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter. |
| Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. |
| Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters. |
| Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components. |
| Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter. |
| Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. |
| Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. |
| The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". |
| Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors. |
| Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive. |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object. |
| PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633. |
| Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." |
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. |
| Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194. |
| Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. |
