| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message. |
| Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface. |
| The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7. |
| Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. |
| Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session. |
| Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. |
| search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error. |
| Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681. |
| Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported. |
| Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php. |
| SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter. |
| Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file. |
| Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. |
| SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL error |
| Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. |