| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." |
| Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." |
| Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php. |
| SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action. |
| SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter. |
| Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. |
| PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies. |
| SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. |
| SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. |
| Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. |
| Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file. |
| The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. |
| SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories. |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. |
| plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. |
| libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. |
| lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid. |
