| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter. |
| SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter. |
| SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter. |
| Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1.55 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages. |
| Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow. |
| Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method. |
| Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804. |
| Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected. |
| Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure. |
| Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent. |
| The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is performed. |
| Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption. |
| Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket. |
| Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory. |
| Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp. |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831). |
| Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php. |
| Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter. |
