| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php. |
| SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field). |
| Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file. |
| SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action. |
| Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information. |
| The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. |
| The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. |
| AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. |
| Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename. |
| SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter. |
| GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. |
| Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. |
| SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. |
| SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode. |
| SQL injection vulnerability in ratelink.php in Link Trader Script allows remote attackers to execute arbitrary SQL commands via the lnkid parameter. |
| SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter. |
| Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript. |
| Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter. |
| index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter. |
