| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. |
| Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command. |
| A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. |
| Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact. |
| Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page. |
| Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. |
| Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable. |
| Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output." |
| SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures. |
| Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories. |
| Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. |
| Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php. |
| The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." |
| Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length. |
| Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution |
| Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests. |
| Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name. |
| The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. |
| Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375. |
| The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). |
