| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number. |
| Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file. |
| Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code. |
| Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. |
| Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file. |
| Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients. |
| The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. |
| Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data. |
| SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. |
| Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3. |
| Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php. |
| Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." |
| SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. |
| Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08. |
| Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB30 and AS03 or (2) DB31 and AS05. |
| Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. |
| Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. |
| The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact. |
| Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. |
