| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. |
| The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call. |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. |
| The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request. |
| The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment Client (ePC) 1.60 and 1.70 allows remote attackers to execute arbitrary commands via shell metacharacters in the paymentinfo parameter to simplePHPLinux/3payment_receive.php. |
| Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/. |
| The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames. |
| Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. |
| Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. |
| cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command. |
| RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message. |
| The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. |
| The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. |
| DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser. |
| XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. |
| The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path |
| UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process. |
| Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. |
| Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |