| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php. |
| irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi. |
| Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. |
| The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors. |
| Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS. |
| comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs. |
| Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access. |
| Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. |
| QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551. |
| Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793. |
| Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request. |
| ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. |
| Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. |
| The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." |
| Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blank string in unspecified messages. |
| HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104. |
| The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. |
| HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. |
| pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message. |
| Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. |