| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE. |
| Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns. |
| The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability. |
| Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed. |
| Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information. |
| Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php. |
| Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command. |
| Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. |
| Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors. |
| TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file. |
| PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite. |
| PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. |
| PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter. |
| SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| PHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. |
| The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters. |
