| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. |
| Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl." |
| The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. |
| Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225. |
| Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected. |
| PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages. |
| SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype). |
| activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories. |
| Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. |
| Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument. |
| listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path. |
| PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client. |
| my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. |
| Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112. |
