| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363. |
| Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. |
| Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. |
| Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder (BCWB) 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the root_path_admin parameter to (1) /include/startup.inc.php, (2) dcontent/default.css.php, or (3) system/default.css.php, different vectors than CVE-2006-4946. |
| WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. |
| PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. |
| Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. |
| Memory leak in the push_align function in src/util.c in Vilistextum before 2.6.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the tmp_align variable. NOTE: it is not clear whether this is a vulnerability, due to the functionality of the product. |
| Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127. |
| Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. |
| Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts. |
| WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. |
| Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit. |
| The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. |
| SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter. |
| IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page. |
| The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries. |
| SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information. |
| Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property. |
