| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request. |
| Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php. |
| Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. |
| The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known. |
| PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter. |
| Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. |
| PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. |
| Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 allow remote authenticated users to (1) cause a denial of service (server crash) and probably execute arbitrary code via an ID 3 packet with a long nickname field, and (2) cause a denial of service (server crash) via an ID 10 packet containing a long string corresponding to an unavailable track. |
| Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery. |
| PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter. |
| PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter. |
| The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory. |
| Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command. |
| PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information. |
| Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability." |
| Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. |
| Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive. |
| Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter. |
| SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. |