| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference. |
| Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license. |
| Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page. |
| Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname. |
| Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses. |
| LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions. |
| launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory. |
| Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. |
| MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Portable Home Directory credentials, which allows local users to obtain the credentials. |
| Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. |
| Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp. |
| Cookie Cart allows remote attackers to read the Order Notification list via the testmycgi and path parameters to testmy.cgi. |
| PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended. |
| Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package. |
| Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data. |
| BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools." |
| SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. |
| The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog. |
| SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. |
| Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook. |
