| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability |
| Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134. |
| Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. |
| SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php. |
| SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI. |
| Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. |
| Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LINK Content Management Server (CMS) allows remote attackers to inject arbitrary web script or HTML via the txtPretraga parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps. |
| BitDefender Mail Protection for SMB 2.0 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. |
| PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp. |
| Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter. |
| PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. |
| Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain. |
| Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. |
| Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information. |
| backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization." |
