| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters. |
| Buffer overflow in AIX ftpd in the libc library. |
| The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack. |
| netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities. |
| Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname. |
| Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data. |
| Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers. |
| Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request. |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference. |
| Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086. |
| Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability." |
| IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. |
| Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability. |
| The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability. |
| The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability. |
| Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. |
| The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability. |
| SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. |
| Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. |