| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows remote attackers to cause a denial of service (service outage) via a sequence of TCP SYN packets to many ports, as demonstrated using nmap. NOTE: the vendor's testing reportedly found that no denial of service occurred. |
| MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability. |
| Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature. |
| SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code. |
| D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. |
| PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley Generator were affected, not the developer-provided software: "Legitimately purchased applications do not allow this exploit. |
| Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access." |
| PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. |
| Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference. |
| Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. |
| Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges. |
| Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. |
| Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." |
| PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. |
| archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644. |
