| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter. |
| Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods. |
| Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. |
| Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp. |
| PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. |
| Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. |
| Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news.php; the (5) cat_id, (6) topic_id, or (7) post_id parameter to (d) forums.php; or (8) the user_id parameter to (e) users.php. |
| SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue. |
| SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter. |
| The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface. |
| A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. |
| Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. |
| Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll. |
| Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/. |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." |
| PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script. |
| Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. |
